False positive hit... or not? -Solved

Hello

I work with Sourcefire customers and ran into this file being blocked by the system.

AAFlash_setup.exe

https://www.VirusTotal.com/en/file/8e13f9c500757b2822c8c36a5ee32b820ff27...

I can't seem to find any explanation anywhere for why this file is blocked, or why Sourcefire doesn't like it.

So does it contain malware, or is this a false positive?

And where can I find this information because my almighty google did not help me.

Photo with the hit is attached

Brian

Then it must be a false positive.

Tags: Cisco Security

Similar Questions

  • IPS 5.0 change action causes false positives

    Hello

    I've updated a 4215 and a 4-port unit running 4.1 to 5.0. The unit is not inline; it always uses a single sniffing interface. When I add the (reset) action on a GIS (5126) or signatures that relate to IIS and apply the change, the sensor starts going crazy, picking up all kinds of web traffic as a hit and then resetting the stream. The problem is that these are false positives... If I go back to IDM, turn off the "reset" action and use only the default (alarm), the alarms keep coming. If I restart the sensor, the alarms stop.

    What I don't understand is that this signature was activated before, with its default action of 'alarm'... and I never received any alarm.

    As soon as I change the action to alarm and reset, it goes crazy? A sensor reboot solves the problem.

    Has anyone seen similar problems?

    Thanks in advance

    MK

    MK

    I think you are encountering a known bug, fixed in update 5.0(2), which has just been released. It looks like:

    CSCeh36719 False positives after upgrading to 5.0 IPS

    It affects signatures in the HTTP engine after they have been tuned. Try installing service pack 5.0(2), located here:

    http://www.Cisco.com/cgi-bin/tablebuild.pl/ips5

    SC

  • is this a real threat or false positive?

    After scanning my local disk with Norton 360, Malwarebytes, MRT and Prevx 3.0,

    ONLY Prevx 3.0 identified "funshioninstall2.0.0.29beta.exe" as "medium risk Malware."

    Should I worry that it is real malware, or is this a false positive?

    EDIT:

    OK, so here is my Prevx 3.0 scan log

    Crawl log Prevx - Version v3.0.5.50
    Generated journal: 2010-05-02 09:59, Type: 0.1
    Windows Vista Home Premium Service Pack 2 (Build 6002) 32 bit | 1033
    HostName: Laura-laptop
    Some non malicious files are not included in this journal.
    The heuristic settings: age: 1, Pop: 1, er: 2 (Dir: 1)
    Last Scan: Game 2010-02-04 18:28:24 standard time from the Malay Peninsula. Number of reviews: 18. Last Scan duration: 11 seconds.
    [B] c:\users\hp\documents\funshioninstall2.0.0.29beta.exe [PX5: D95BFA4F8032110946EE3EBC37159F00C796261D] Malware Group: medium risk Malware

    End of the Prevx Scan newspaper - http://www.prevx.com

    (I don't know if adding the scan log would make a difference, but here it is anyway...)

    ...so if anyone can read it, is there malware in the log?

    (PS. Sorry for the link, I didn't know it was malware..)

    MORE EDITING:

    OK, so http://www.spywaredetector.net/spyware_encyclopedia/Downloader.agent.yg.htm said that funshion has a 'Downloader' virus... (but I still have to confirm with Prevx support and so on; I sent the scan log to Prevx support so it can be checked again)

    But let me ask you a few questions please...

    (1) Can I just delete it manually, or just uninstall it from my computer? Or do I have to use tools?

    (2) If tools are needed, what is recommended? Or simply use the one available here? [ http://www.spywaredetector.net/spyware_encyclopedia/Downloader.agent.yg.htm ]

    (3) In your opinion, are downloader viruses something to be very concerned about?

    (4) I checked Norton's database. [ http://www.symantec.com/security_response/writeup.jsp?docid=2002-101518-4323-99 ] The report says it does not affect Vista, but Norton 360 had failed to detect funshion in the first place... Should I still be concerned?

    Hello

    Here's another report about it - since the site is in Chinese or something, I'd be very worried.

    http://www.spywaredetector.NET/spyware_encyclopedia/Downloader.agent.YG.htm

    =====================================================

    Try the trial of Hitman Pro, which uses methods similar to Prevx and will remove
    malware - free 30 day trial. You can uninstall it when the trial is up.

    Hitman Pro is an on-demand scanner; it only runs when you wish and has no resident function.

    Hitman Pro - 30 days free trial version
    http://www.SurfRight.nl/en/hitmanpro

    I hope this helps.
    Rob - bicycle - Mark Twain said it is good.

  • False positives?

    I know that means I'd be absolutely convinced that this is not a virus, but what happens if you delete a false positive by mistake, thinking that it is not a false positive? Will it have a negative impact on the computer?

    (I have my suspicions that the last time Norton said I had a 'Protector' virus, I panicked and deleted the item in question. I went looking for the 'Protector' virus, but it is not in any database. Currently I am using my mom's computer [...as my cell phone has been confiscated...] so I can't really check on it now and know if there are problems; that is why I ask this question.)

    And does anyone know if there is even such a THING as a "Protector" virus?

    And how does one know if a virus detected by a scan is a false positive or something that simply wasn't in the database yet?

    Hello

    Deleting a file can have a negative influence; that is the advantage of quarantine, especially for system
    files. For a system file, even being moved to the quarantine area may have a dramatic effect on the system,
    depending on the function of the file.

    Most system files can be replaced by SFC /scannow, assuming the system starts and SFC can be executed.

    Google is your friend.
    Rob - bicycle - Mark Twain said it is good.

  • SFC/scannow detected files corrupt in Windows 7 64-bit it can not solve, and continues to deny me access to fix.

    I ran SFC /scannow this evening and received an error message saying corrupted files had been found but could not be fixed, and it gave me a path to find the log and view and/or correct the files.  I read a few articles in this community on how to access the logs as an administrator.  None of the instructions in any of the articles work; I am denied access on every line to display the files and I can't get them either.  My Asus G74Sx laptop actually works very well; are these corrupt files something I should worry about and spend hours and hours trying to coax my laptop into recognizing me as an administrator?  Can someone please tell me how to get into the log and how to fix the corrupted files?

    First step: run DISM to correct errors.  Instructions are at the bottom of the wiki

    Please run a System File Check (SFC) & DISM if you're on Win 7 or higher 

    All instructions are in our Wiki article below... If you have any questions please ask us.

    Second step: re-run SFC.  If errors occur in the log, upload it to OneDrive and give us a link to it in your next post

    There are MANY false positives and false negatives.

  • E6420 - Bios A07 - false positive diagnosis - Lcd Cable

    Hello world!

    I found a weird bug with BIOS update A07 on the E6420 (i5-2520M). The diagnostics utility reports "LCD error 2000-0415". When I go back to A06, the problem disappears.

    Can anyone repeat this error? I had opened a case to replace my LCD cable and I will contact Dell to cancel the cable replacement. But if nobody can repeat the problem, maybe the cable is really damaged and the A07 BIOS detects it better.

    I have no problem using the computer.

    Thank you.

    There is a long and a short version of this... As I understand it, Dell has implemented a hardware-level change allowing the cable test to work on newer versions of the systems they have released, and enabled it in the BIOS.  For systems with the old cables, it always generates a false positive.  It is not an error in the BIOS; it's just that this test is not supported by the hardware you have.

  • False positive

    Hi all

    Is this a false positive? I just did a clean install of Win 7 64-bit Ultimate on my Dimension 8400 on a new hard drive, installed MSE, ran Windows Update, downloaded and installed MSN version 9 (the Butterfly), downloaded a driver for my wireless card, downloaded the new version of Malwarebytes and ran it, and it came up with this.

    Malwarebytes' Anti-Malware 1.45
    www.Malwarebytes.org

    Database version: 3937

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    31/03/2010 07:15:05
    MBAM-log-2010-03-31 (15/07/05) .txt

    Scan type: quick scan
    Objects scanned: 100023
    Time elapsed: 2 minute (s), 27 second (s)

    Memory processes infected: 0
    Memory Modules infected: 0
    Registry keys infected: 0
    Registry values infected: 0
    The infected registry data: 1
    Folders infected: 0
    Infected files: 0

    Process memory infected:
    (No malicious items detected)

    Memory infected:
    (No malicious items detected)

    Infected registry keys:
    (No malicious items detected)

    The registry is infected:
    (No malicious items detected)

    Infected registry data items:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties)-> Bad: (1) Good: (0) not-> no action taken.

    Infected files:
    (No malicious items detected)

    Infected files:
    (No malicious items detected)

    So I ran it on my XPS 430 and my 1501 with Win 7 64-bit and Vista Ultimate 64-bit, and it came up with the same thing on those computers too! SO I think it's a false positive. I haven't removed this on any of my computers yet.

    What do you think?

    Thank you

    Discussion: http://forums.malwarebytes.org/index.php?showtopic=7653

  • False positive for test seek funnel with Dell PC Checkup?

    I run Dell's PC Checkup occasionally, and the other day I ran it and got a failure for a WD 2 TB My Passport (external USB) drive. Specifically, according to Dell PC Checkup, it failed the funnel seek test.

    I had no problems with the drive at all, so I ran chkdsk on it from Windows 7: no problems reported. I also ran WD's own diagnostics and it passed all three steps (SMART, quick and complete drive test) as well.

    I've seen references to PC Checkup false positives of this kind.

    The drive is under warranty and there is no problem with data loss, but I am just not sure what or which tests to trust.

    I don't want to go through the hassle of RMA if that disk is actually OK.

    Any thoughts?

    DG

    Hi dg;

    I have zero confidence in PC Checkup. The Dell diagnostics are OK, but the drive manufacturer's tools are the best. I diagnosed problems with SeaTools that neither Dell's nor Acronis' diagnostics picked up.

  • McAfee false positive for ThinApped reviews

    Hello

    In our organization, we have the View Client (4.01) packaged using ThinApp (4.0.4 - 204871) and deployed to some test users (on XP) for a pilot program.  Some users reported that our company antivirus software (McAfee VirusScan Enterprise 8.7i) flagged wswc.exe as a generic Trojan virus.  The wswc.exe and the Thinstall folder tell me that it is the View Client.  Here is part of the McAfee log file:

    2010-10-14 01:12:08 engine version = 5400.1158

    2010-10-14 01:12:08 DAT AntiVirus version = 6135.0

    2010-10-14 01:12:08 number of EXTRA detection signatures. DAT = None

    10/14/2010-01:12:08 names of EXTRA detection signatures. DAT = None

    2010-10-14 15:54:32 deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe C:\Documents and Settings\ (user name removed) \Local Settings\Application Data\Thinstall\Cache\Stubs\5a21d3a6a2ac166efd290dc64a9bea5988496d\wswc.exe generic.DX!12536d125737! ugk (Trojan)

    We told our users that ThinApp leaves no trace on the system the package is connected to.  I guess now that this is incorrect.  Would anyone in the community explain what McAfee is actually detecting here and give some suggestions about how we can avoid our users seeing this kind of "false positive" virus message?

    I just want to say that I've only worked with ThinApp for a few months so I'm still learning the application and I appreciate any input given to my question.

    Thank you

    Bob

    > We told our users that ThinApp leaves no trace on the system the package is connected to.  I guess now that this is incorrect.  Would anyone in the community be so good as to explain what McAfee is in fact detecting here

    The only place ThinApp changes the system is the sandbox location, which you can simply get rid of by deleting the folder. An exception is if the isolation mode of a certain folder is merged (check attribute.ini in any folder in the package).

    When you capture an application and build a ThinApp project, the resulting bin folder contains all the installation files, with the container file as read-only data. Now, when you copy this to the deployment machine and run it, ThinApp may need to write files in some cases (for example if the application tries to create a log file). ThinApp does not create files in OS system folders (Windows, Program Files, etc.); it creates everything in the sandbox and writes there. You can locate the default sandbox in %AppData%.

    So when you say "no trace", it should mean that the application will not write to the registry or the system folders. Of course, if an application creates files, ThinApp has to create them, because otherwise the application does not work; but instead of creating these files anywhere in the system, ThinApp restricts them to a single sandbox location.

    I hope you feel better now.

    Aditya
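    A small triage helper, added here as an illustration and not code from the thread, McAfee or VMware: it parses on-access detection lines shaped like the one Bob quoted and buckets hits whose scanned path lies under the ThinApp sandbox stub cache as candidates for false-positive review (to be confirmed by comparing the file's hash with the packaged stub, not excluded on path alone). The line layout, the account name and the stub id in the sample are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional, List, Dict

# Assumed layout of the on-access detection line quoted in the thread:
#   <date> <time> <action> <account> <scanning process> <scanned file> <detection> (<type>)
# This is a reading of that one sample, not McAfee's documented log grammar.
DETECTION_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>\S+) "
    r"(?P<account>.+?) "
    r"(?P<process>[A-Za-z]:\\.+?\.exe) "
    r"(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<detection>\S+) "
    r"\((?P<kind>[^)]+)\)$"
)

# Path fragment of the ThinApp sandbox stub cache, as seen in the quoted log line.
THINAPP_STUB_CACHE = "\\thinstall\\cache\\stubs\\"


@dataclass
class Detection:
    ts: str
    action: str
    account: str
    process: str
    path: str
    detection: str
    kind: str


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for an on-access hit line, None for header/other lines."""
    m = DETECTION_RE.match(line.strip())
    if not m:
        return None
    return Detection(**m.groupdict())


def triage(d: Detection) -> str:
    """Classify a hit for review; a sandbox-stub hit is only a *candidate* false positive."""
    if THINAPP_STUB_CACHE in d.path.lower():
        return "thinapp-stub-candidate-fp"
    if d.detection.lower().startswith("generic."):
        return "generic-heuristic-review"
    return "investigate"


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Bucket every detection line in a log excerpt by triage category (header lines skipped)."""
    buckets: Dict[str, List[str]] = {}
    for line in lines:
        d = parse_line(line)
        if d is not None:
            buckets.setdefault(triage(d), []).append(d.path)
    return buckets


# Constructed sample excerpt modelled on the thread's lines; user name and stub id are placeholders.
SAMPLE_LOG = [
    "2010-10-14 01:12:08 engine version = 5400.1158",
    "2010-10-14 01:12:08 DAT AntiVirus version = 6135.0",
    "2010-10-14 15:54:32 deleted NT AUTHORITY\\SYSTEM C:\\WINDOWS\\system32\\CCM\\CcmExec.exe "
    "C:\\Documents and Settings\\jdoe\\Local Settings\\Application Data\\Thinstall\\Cache\\Stubs\\"
    "EXAMPLESTUBID\\wswc.exe generic.DX!EXAMPLE!ugk (Trojan)",
    "2010-10-14 16:02:10 cleaned DOMAIN\\jdoe C:\\WINDOWS\\explorer.exe "
    "C:\\Documents and Settings\\jdoe\\Desktop\\invoice.exe Generic.DX!EXAMPLE2 (Trojan)",
    "2010-10-14 16:05:44 deleted DOMAIN\\jdoe C:\\WINDOWS\\explorer.exe "
    "C:\\temp\\tool.exe W32/Example.worm (Virus)",
]

if __name__ == "__main__":
    for category, paths in triage_log(SAMPLE_LOG).items():
        print(category, paths)
```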

  • broken HTTPS on my (and only me, no other ppl) FF ver v35, v29, v3.6.28. reinstalling does NOT solve. Any ideas?

    Broken FF after my Windows was infected by the userinit virus. The virus is eliminated, but FF still fails on https, and uninstall/reinstall does not fix the broken https

    RobertHarper said

    > Broken FF after my Windows was infected by the userinit virus. The virus is eliminated, but FF still fails on https, and uninstall/reinstall does not fix the broken https

    In response to my own question: 5 months later, https started working again WITHOUT my having done anything - no reinstall, no upgrade, no cache clearing. Nothing. FF is more respectful of my 2 GB RAM PC than Chrome, so it's nice to have FF working again. Working HTTPS is essential for many sites these days.

  • Firefox 34.0.5 cannot print correctly. I checked all the pages on firefox problems and still can not solve the problem.

    I use 34.0.5 with Windows 7 and cannot print correctly. In print preview, it appears at label size. I double-checked all my settings in Firefox and my printer preferences, I checked all the pages on Firefox problems and still cannot solve the problem.

    I was finally able to solve the problem, but I had to do a complete reset of Firefox. Thank you for your time.

  • I put my yahoo homepage, but every time I open mozilla home page is webssearches I reset firefox, but it does not solve the problem, what to do now?

    My homepage is set to Yahoo, but Mozilla opens with http://istart.webssearches.com as the start page. Even a reset does not solve the problem. I think I installed some software that installed this. My default search engine is Google. Kindly help me, is there something to do in about:config?

    See this tutorial - http://malwaretips.com/blogs/istart-webssearches-com-removal/

  • Icon mail frozen. IPad rebooted, but it has not solved the problem

    Rebooting the iPad has not solved the problem of the frozen mail icon

    Robert

    Close the mail application and force restart the iPad. No data is affected by this.

    Press the Home button twice quickly. You will see small previews of your recently used applications. Drag to the left to find the application you want to close. Swipe up on the application's preview to close it.

    To force-restart your device, press and hold the sleep/wake button and the Home button for at least ten seconds, until you

  • When I launch Firefox, I get only the bottom of my browser in the Firefox window. I have already reinstalled it, but it does not solve the problem.

    When I launch Firefox, I get only the bottom of my browser in the Firefox window. I have the normal window for 1 second, but then it changes to the background window only. So, without the toolbar or navigation. I have already reinstalled it, but it does not solve the problem.

    Hello jonson00, please follow the troubleshooting steps in "Firefox opens with a white or transparent window". If this solves the problem, it would also be interesting to know which extension has a problem in your case. Thank you!

  • In the visualization of my photos display problem: I have red spots in different parts of the pictures. Someone knows how to fix this?  I rebooted my MacBook Pro, but it does not solve the problem.

    When viewing my photos I have a display problem: red spots in different parts of the pictures. Does anyone know how to fix this?  I rebooted my MacBook Pro, but it does not solve the problem.

    Details please

    What version of Aperture? Is OS X 10.7.5, as you say, correct for your OS? Do you shoot JPEG or RAW? If RAW, which camera? What has changed since this worked?

    LN
