Hi all. I've already reported this to reporting@prevx.com, but it's a bit more complex than a false positive. Maybe this story helps someone, who may also have ran in the same situation.

The problem occurs with Visual Studio 2010 installed with the help set to local.

What happens is this: when you start help from Visual Studio 2010, the system launches the HelpLibraryAgent. The first thing that does, is generate source files in the temp directory, which are compiled into a DLL, which is used by HelpAgentLibrary itself as soon as it has compiled. It's a random name (probably to solve potential hijacking). However, PrevX detects it, falsely, as Win32/Heur.

The situation is reproducible on other computers with the above installed.
Detection override on the temp directory still causes an email alert to be send by PrevX...

A workaround is to use the online help, which retrieves the help pages from Microsoft itself.

Kind regards,

Geri

Thanks for both, reporting it and workaround

-{ Quote: "Hi all. I've already reported this to reporting@prevx.com, but it's a bit more complex than a false positive. Maybe this story helps someone, who may also have ran in the same situation.

The problem occurs with Visual Studio 2010 installed with the help set to local.

What happens is this: when you start help from Visual Studio 2010, the system launches the HelpLibraryAgent. The first thing that does, is generate source files in the temp directory, which are compiled into a DLL, which is used by HelpAgentLibrary itself as soon as it has compiled. It's a random name (probably to solve potential hijacking). However, PrevX detects it, falsely, as Win32/Heur.

The situation is reproducible on other computers with the above installed.
Detection override on the temp directory still causes an email alert to be send by PrevX...

A workaround is to use the online help, which retrieves the help pages from Microsoft itself.

Kind regards,

Geri" }-

Hi Geri and welcome to the Official Prevx Support forum!

Thanks for the info but did you send to this address reporting@prevx.com? It should be this one report@prevxresearch.com as stated in this post: http://www.wilderssecurity.com/showthread.php?t=245129 or there support inbox: http://info.prevx.com/service.asp

HTH,

TH

Hi Triple Helix, and thanks.

I did send it to report@prevxresearch.com (including logs and the generated source code by Visual Studio). Sorry for my mistake in the post...

Should I send it additionally via the webform? I'm asking, since there are some attachments, including the generated source code and the make files.

Kind regards,

Geri

-{ Quote: "Hi Triple Helix, and thanks.

I did send it to report@prevxresearch.com (including logs and the generated source code by Visual Studio). Sorry for my mistake in the post...

Should I send it additionally via the webform? I'm asking, since there are some attachments, including the generated source code and the make files.

Kind regards,

Geri" }-

One place is fine report@prevxresearch.com as you don't want multiple support agents working on the same problem and if they need additional info they will contact you via the email address you used!

TH