Thanks for the info. Have been getting an education on Srvany.exe thanks
to your post. Agree that MSAS should be able to detect Srvany.exe as a
legitimate file but it does have potential to install malware using
phantom Services. Any suggestion to determine legit vs. illegit
intent?
I've seen this happen with lots of stuff. Famatech's Remote Administrator
(RAdmin) is a good example. If you put it there (like me) and use it to
remotely control one or more machines, fine. But if someone snuck it on
there without your knowledge, it could be bad news.
Maybe we need a separate category for "Heads up! Did you know this was here?
It can be used to <fill in the blank>."
It is worth noting that:
1. I don't think MS-AS recommended removing some of the "false positives"
like the resource kit stuff.
2. If it really is your software, you can just re-install it and arrange for
it to be ignored.
3. Who turns one of these anti-whatever programs loose to blindly delete
whatever it doesn't like without backing it up? The default settings for a
"scheduled" i.e., unattended scan in MS-AS are to quarantine everything
found.
My $0.02 worth.