Anti-Spyware: false positive

creeping.death · #1 05-12-2006, 11:03 PM

Running the On-Demand-Spyware-Scanner on my WindowsXP Pro install leads to the following result:

WinAntivirus (Rogue Anti-Spyware product)

Two Registy keys are affected:
HKLM\software\classes\Component Categories\{56FFCC30-D398-11d0-B2AE-00A0C908FA49}\409

and

HKLM\software\classes\Component Categories\{56FFCC30-D398-11d0-B2AE-00A0C908FA49}

But these entries are necessary for the Microsoft Antivirus API?!

(And I have never installed WinAntiVirus oder visited their site).

**Paranoid2000** · #2 05-13-2006, 12:12 AM

Welcome to the forums Creeping.death,

Please review the Outpost 3.0 - What to expect: Anti-Spyware FAQ for details on reporting false positives.

creeping.death · #3 05-13-2006, 07:32 PM

The FAQ sais:

Quote:

I have encountered a false positive/suspicious file. How do I report it?
False positives (where the plugin is reporting an innocent file as malicious) and suspicious files not detected by the plugin should be sent to the Suspicious Files page.

But what file am I to send to the Suspicious Files page? An ISO image of my Windows partition?
As I said, there are only two registry keys and they belong to a Microsoft API.

Minceypw · #4 05-13-2006, 09:51 PM

Quote:

Originally Posted by creeping.death

The FAQ sais:

But what file am I to send to the Suspicious Files page? An ISO image of my Windows partition?
As I said, there are only two registry keys and they belong to a Microsoft API.

I asked a similar question under this thread:
http://www.outpostfirewall.com/forum...ad.php?t=17255

Check Firepost's response under the 12th post

Hope that helps.

**FirePost** · #5 05-14-2006, 09:16 AM

For this particular detection my personal opinion was:

Quote:

Originally Posted by FirePost

I believe this is a false positive. Many AV will will register as an attachment scanner for "office antivirus"....

The entire reply was in the thread "help please."

creeping.death · #6 05-15-2006, 02:32 AM

Thanks, Minceypw + FirePost.

justme2 · #7 09-10-2006, 09:12 AM

FALSE POSITIVE CONFIRMED:

TGUID 56FFCC30-D398-11d0-B2AE-00A0C908FA49
key409, data "officeantivirus"
--is mistaken for malware: "WinAntiVirus"
______________

ANOTHER FALSE POSITIVE:

Reports Nissan DataScan as: "win key genie"
(just because it uses the same uninstaller)
ST6UNST #1
______________

--THIS DETECTION METHOD IS SUPER-LAME!
SUGGEST AGNITUM TAKE A LICENSE FROM LAVASOFT SO'S OUTPOST CAN SCAN FOR MALWARE CORRECTLY!

**FirePost** · #8 09-10-2006, 12:52 PM

Quote:

Originally Posted by justme2

ANOTHER FALSE POSITIVE:

Reports Nissan DataScan as: "win key genie"
(just because it uses the same uninstaller)
ST6UNST #1

False detection for ST5UNST's as well. One should always double check any detections. I would not let ANY program automatically remove things.
My idea of Anti-Spyware protection does not include disabling the AV.

**Paranoid2000** · #9 09-10-2006, 05:59 PM

Quote:

Originally Posted by FirePost

False detection for ST5UNST's as well. One should always double check any detections.

I've encountered (and reported, again, to Agnitum) the ST5UNST false positive.

**FirePost** · #10 09-11-2006, 07:00 AM

Quote:

Originally Posted by Paranoid2000

I've encountered (and reported, again, to Agnitum) the ST5UNST false positive.

I reported it once and finally disabled the detection. When one key is returned as more than one detection, one knows something is suspect.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Outpost 3.5 Anti spyware and Bitdefender9	peebee	Outpost Firewall General Discussions, Support, and Troubleshooting	1	04-20-2006 06:06 AM
False positive OP spyware plugin ? Golden Eye	ntgof	General Plug-In Discussions	2	03-22-2006 07:53 AM
Outpost Anti Spyware Plugin	nippauls	General Plug-In Discussions	46	11-01-2005 02:23 PM
OP 3.0 AntiSpyware - False positive?	SandmanUK	Outpost Firewall General Discussions, Support, and Troubleshooting	3	10-06-2005 04:16 PM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)