False Positive for ShopAtHome

  • Thread starter Thread starter Bill Sanderson
  • Start date Start date
B

Bill Sanderson

Ran into this on a server this morning. Since the detected files are copies
of the source CD's for SBS-2000, I'm quite certain this is a flase positive.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 1006
Date: 3/9/2006
Time: 12:22:47 AM
User: N/A
Computer: PRIME
Description:
Windows Defender scan has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {F8D0CF95-75EA-45F0-8D36-0D698C3CE5FE}
Scan Type: AntiSpyware
Scan Parameters: Full Scan
User: NT AUTHORITY\SYSTEM
Threat Name: ShopAtHome
Threat Id: 10773
Threat Severity: 4
Threat Category: 2
Path Found: file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\MIGRATE\ASN\SUPPORT\SYMBOLS\I386\ASNSYMBOLS.MSI->(MSI
Stream 4);file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\ADC\SUPPORT\SYMBOLS\I386\ADCSYMBOLS.MSI->(MSI Stream
4);file:G:\Source
CDs\sbs-cd2\SQL2000\MSEQ\X86\VS\VSI2.CAB->Common\Tools\VS-Ent98\VSInst\BuildRes\mdac.msm->(MSI
Stream 0);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/support/symbols/i386/SupportSymbols.msi->(MSI
Stream 4);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/calcon/support/symbols/i386/CalConSymbols.msi->(MSI
Stream 4);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/adc/support/symbols/i386/ADCSymbols.msi->(MSI
Stream 4);file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\SUPPORT\SYMBOLS\I386\SUPPORTSYMBOLS.MSI->(MSI Stream
4)
Detection Type: Signatures



--
 
Hi Bill

Mr Treit confirmed it yesterday.

From: "Mike Treit [Msft]" <[email protected]>
References: <[email protected]>
Subject: Re: ShopAtHome False Positive with Full Scan?

--------------------------------------------------------------------------------


Yes, this is a false positive.

This should be fixed in an upcoming signature release. You should not
try to remove it (in any event, removing it will fail because it's
inside an archive, but that's a different issue.)

Thanks

-Mike
 
So much for my memory--in fact, I even recall reading that message, but
obviously not which item was involved!
--

plun said:
Hi Bill

Mr Treit confirmed it yesterday.

From: "Mike Treit [Msft]" <[email protected]>
References: <[email protected]>
Subject: Re: ShopAtHome False Positive with Full Scan?

--------------------------------------------------------------------------------


Yes, this is a false positive.

This should be fixed in an upcoming signature release. You should not try
to remove it (in any event, removing it will fail because it's inside an
archive, but that's a different issue.)

Thanks

-Mike

--
plun
Ran into this on a server this morning. Since the detected files are
copies of the source CD's for SBS-2000, I'm quite certain this is a flase
positive.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 1006
Date: 3/9/2006
Time: 12:22:47 AM
User: N/A
Computer: PRIME
Description:
Windows Defender scan has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {F8D0CF95-75EA-45F0-8D36-0D698C3CE5FE}
Scan Type: AntiSpyware
Scan Parameters: Full Scan
User: NT AUTHORITY\SYSTEM
Threat Name: ShopAtHome
Threat Id: 10773
Threat Severity: 4
Threat Category: 2
Path Found: file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\MIGRATE\ASN\SUPPORT\SYMBOLS\I386\ASNSYMBOLS.MSI->(MSI
Stream 4);file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\ADC\SUPPORT\SYMBOLS\I386\ADCSYMBOLS.MSI->(MSI
Stream 4);file:G:\Source
CDs\sbs-cd2\SQL2000\MSEQ\X86\VS\VSI2.CAB->Common\Tools\VS-Ent98\VSInst\BuildRes\mdac.msm->(MSI
Stream 0);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/support/symbols/i386/SupportSymbols.msi->(MSI
Stream 4);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/calcon/support/symbols/i386/CalConSymbols.msi->(MSI
Stream 4);file:C:\Program Files\Microsoft Small Business Server
SP1\EX2KSP3_server.exe->(WinZipSfx)->server/adc/support/symbols/i386/ADCSymbols.msi->(MSI
Stream 4);file:G:\Source
CDs\sbs-cd3\EXCHSRVR60\SUPPORT\SYMBOLS\I386\SUPPORTSYMBOLS.MSI->(MSI
Stream 4)
Detection Type: Signatures
Click to expand...
Click to expand...
 
Back
Top