Adding Detection Overrides from Scan Results!?

Today my scheduled Prevx scan came up with a false positive (detected as Low Risk Adware - the file is marked as "under review" on the Prevx site):

[29/6/2009 21:38] The file [c:\users\...\appdata\roaming\updatestar\updatestar.exe] contains a threat of type [Low Risk Adware] - Identity: C46E9A16F0703D5BE0DB47C12DB63A00F1129BEF
[29/6/2009 21:38] The file [\??\C:\Users\...\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UpdateStar.lnk] contains a threat of type [Infected Entry: [updatestar.exe]] - Identity: C46E9A16F0703D5BE0DB47C12DB63A00F1129BEF
[29/6/2009 21:38] The file [\REGISTRY\User\S-1-5-21-3888176665-2650448977-3160213159-1000\Software\Microsoft\Windows\CurrentVersion\Run] contains a threat of type [Infected Entry: [UpdateStar]] - Identity: C46E9A16F0703D5BE0DB47C12DB63A00F1129BEF

So, being pretty sure that this not adware I used the "Report this file as false positive" link from the scan results screen for all three detections.

The file c:\users\...\appdata\roaming\updatestar\updatestar.exe was correctly added to the list of detection overrides, however the shortcut and the AutoRun entry were not added to this list. There appeared two completely unrelated files there instead:

C:\Windows\system32\msxml3.dll
and
C:\Windows\system32\fdeploy.dll

Which are both part of the Windows Vista OS and are not related in any way to the shortcut and autorun entry I wanted to exclude...

 

Hello,
I suspect this is an issue when marking the associated entries - they are automatically allowed when the root file is allowed and don't need to be allowed separately but this is most likely a bug when handling non-file overrides.

In the meantime, I've corrected the single detection which was a heuristic FP and if you run another scan it should reset the other files and your status to clean.

Let me know if you experience any other issues or have any other questions!