grahamperrin Posted September 22, 2010

Running Immunet Plus 2.0.15.12 alongside (unsupported) Sophos Endpoint Security and Control 9. Booting from C: with Windows XP Professional Service Pack 3. (D: has outdated Windows Vista Enterprise but I rarely boot from that volume.)

Following boot and log on to XP, a yellow shield signified an automated Microsoft Update. The shield disappeared after maybe 9% download complete, which made me suspicious. The machine seemed to be slower than usual (blue shield for Sophos didn't appear in good time, and I don't recall seeing the Immunet Protect icon in the tray) so I opted to (a) log out or (b) restart the OS (I can't remember which I did, sorry).

Following log on to XP, Immunet Protect alerted me to quarantine of Gen:Trojan.Heur.wf@@YEnq1Lki relating to a file in a subdirectory of D:

Looking at history in Immunet Protect, I wasn't immediately convinced so I ran Microsoft Update, found and installed a definition update for Windows Defender http://support.microsoft.com/kb/915597/en-gb (note, however, that Windows Defender is not enabled).

I see nearby http://forum.immunet.com/index.php?/topic/313-false-positive-updating-windows-defender/ False Positive Updating Windows Defender

http://www.google.co.uk/search?q=%22Gen:Trojan.Heur.wf@@YEnq1Lki%22 finds nothing but http://www.google.co.uk/search?q=%22Gen:Trojan.Heur%22 finds topics in a BitDefender forum.

Might this be a false positive involving TETRA?

Screen shots attached.

Whether the quarantined file, which has a .temp suffix to its name, is still on disk, I don't know …

grahamperrin Posted September 22, 2010

> Whether the quarantined file, which has a .temp suffix to its name, is still on disk, I don't know …

Directory D:\02e0b937bd0f64969d1a0c no longer exists, sorry … but configuration on this machine is currently to send files to the cloud, so maybe you have it there already.

alfred Posted September 22, 2010

> Directory D:\02e0b937bd0f64969d1a0c no longer exists, sorry … but configuration on this machine is currently to send files to the cloud, so maybe you have it there already.

It was a detect in the Tetra engine, and a false one. It's fixed now. Thanks Graham and thanks to the other user who mailed me directly.

Best,
al

Archived
This topic is now archived and is closed to further replies.