More Potential False Positives

[Bill H]

I tried the AntiSpam Beta 1 on my work PC this morning
and it flagged INSTSRV.EXE and SRVANY.EXE as Trojan
threats. Both of these programs are available from
Microsoft in one of their resource kits (grin).

 

[Bill Sanderson]

I understand that both of these are Microsoft software which can be used
appropriately. Did you read the descriptions of the items, and did that
make it clear why you were being alerted to their presence on your machine?

 

[Helpful?]

Think you will find that depending on the location these
files were found in they could be either Microsoft or the
baddies!!

Once it has been detected, go to the location of the file
and right click on it, go into properties, check to see if
it has any vendor info, very useful tip for finding whats
good and whats bad!

Hope this is helpful!

 

[Bill Sanderson]

One key bit of information that can turn a goodie into a baddie is whether
the user is aware that the file is installed on their machine.

This is a large part of what Microsoft Antispyware is doing when it calls
out such files.

 

[Guest]

Both of the Microsoft programs were tagged as trojan.
The situation however is that both programs are ligit
Microsoft programs that I installed on my machine.

 

[Bill Sanderson]

That's clearer.

I believe that these programs should be tagged, but not as other items--i.e.
not as part of trojans, but for their own potential for abuse--so that, for
example, someone finding them present on a machine without their knowledge
would be alerted to that presence.

They should be described accurately, however, and not pegged as part of some
trojan unless the rest of the code for that trojan is also present.