False Positives

Microsoft private

I have installed and run Beta 1 on my system. Based on other products (Ad
Aware), my own very conservative settings on IE, general safe computing
practices, and no symptoms of spyware, I do not believe that I have any
spyware on my system. The Beta detected 3 instances of spyware. The
first, WinPCap, I had installed, and it correctly said it was a low threat.
The system has a cool "always ignore" setting that I will use for WinPCap.

The second, EZCyberSearch, was detected in a folder c:\documents and
settings\knox\favorites\cool sites. In this folder I have about 30 various
URLs and it shows all to be infected. Apparently it doesn't like the word
"cool" in the path. I changed the name of the directory and now it doesn't
show up. I guess there's no double checking.

The third, Network Essentials, is detected in the folder c:\program
files\pop which contains a Microsoft Access MDB that I myself created. It
seems unlikely that it would contain a Browser hijacker. I don't feel like
renaming my application to test it, but I hope that it is not just looking
for the word "pop". The "learn more about this threat" link does not
currently have any information.

So far I find the user interface and installation to be very clean, easy to
use, and easy to understand.


Knox
 
Knox,

Thank you for the posting. I have filed 2 bugs that you have found
involving the false positives for EZCyberSearch and Network Essentials. The
winpcap issue is known. Thanks again for helping us test.


- steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security


-

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
--------------------
 
Thank you. WinpCap I didn't consider a false positive.


Knox

"Steve Dodson [MSFT]" said:
Knox,

Thank you for the posting. I have filed 2 bugs that you have found
involving the false positives for EZCyberSearch and Network Essentials. The
winpcap issue is known. Thanks again for helping us test.


- steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security


-

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
--------------------
From: "Microsoft private" <[email protected]>
Subject: False Positives
Date: Thu, 6 Jan 2005 10:11:14 -0500
Newsgroups: microsoft.private.security.spyware.general