grahamperrin Posted September 22, 2010 Report Share Posted September 22, 2010 Running Immunet Plus 18.104.22.168 alongside (unsupported) Sophos Endpoint Security and Control 9. Booting from C: with Windows XP Professional Service Pack 3. (D: has outdated Windows Vista Enterprise but I rarely boot from that volume.) Following boot and log on to XP, a yellow shield signified an automated Microsoft Update. The shield disappeared after maybe 9% download complete, which made me suspicious. The machine seemed to be slower than usual (blue shield for Sophos didn't appear in good time, and I don't recall seeing the Immunet Protect icon in the tray) so I opted to (a) log out or ( restart the OS (I can't remember which I did, sorry). Following log on to XP, Immunet Protect alerted me to quarantine of Gen:Trojan.Heur.wf@@YEnq1Lki relating to a file in a subdirectory of D: Looking at history in Immunet Protect, I wasn't immediately convinced so I ran Microsoft Update, found and installed a definition update for Windows Defender http://support.microsoft.com/kb/915597/en-gb (note, however, that Windows Defender is not enabled). I see nearby http://forum.immunet.com/index.php?/topic/313-false-positive-updating-windows-defender/ False Positive Updating Windows Defender http://www.google.co.uk/search?q=%22Gen:Trojan.Heur.wf@@YEnq1Lki%22 finds nothing but http://www.google.co.uk/search?q=%22Gen:Trojan.Heur%22 finds topics in a BitDefender forum. Might this be a false positive involving TETRA? Screen shots attached. Whether the quarantined file, which has a .temp suffix to its name, is still on disk, I don't know … Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.