ewido security suite 3.5 beta

Discussion in 'other anti-trojan software' started by quexx88, May 27, 2005.

Thread Status:
Not open for further replies.
  1. andre25

    andre25 Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    3
    False positive in Kaspersky Internet Security 2006 (beta)

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c34.BEF0670A01C569A4.history\00000025.bak -> Spyware.Cookie.Bluestreak

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c34.BEF0670A01C569A4.history\0000002d.bak -> Spyware.Cookie.Bluestreak

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c34.BEF0670A01C569A4.history\0000002f.bak -> Spyware.Cookie.Bluestreak

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c34.BEF0670A01C569A4.history\00000033.bak -> Spyware.Cookie.Bluestreak

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c34.BEF0670A01C569A4.history\00000038.bak -> Spyware.Cookie.Bluestreak

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c34.BEF0670A01C569A4.history\0000003e.bak -> Spyware.Cookie.Bluestreak

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c34.BEF0670A01C569A4.history\00000045.bak -> Spyware.Cookie.Bluestreak

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c34.BEF0670A01C569A4.history\00000110.bak -> Spyware.Cookie.Fastclick

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c34.BEF0670A01C569A4.history\00000112.bak -> Spyware.Cookie.Adserver

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c34.BEF0670A01C569A4.history\00000113.bak -> Spyware.Cookie.Adserver

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c74.8CD5980801C569A9.history\00000004.bak -> Spyware.Cookie.Doubleclick

    C:\Program Files\Kaspersky Lab\AVP6\pdmhist\c74.8CD5980801C569A9.history\00000005.bak -> Spyware.Cookie.Atdmt

    Greetings from the Netherlands
     
  2. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
  3. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    I don't think so ;)

    I guess that Andre means that Ewido is flagging this as FP's.

    For that matter I have deleted ewido for the time being. The FP's are too much still.
     
  4. andre25

    andre25 Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    3
    Sorry, I don't speak English, but this is about the false positives from ewido, right?
     
  5. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    That could be it :D..........;). I have uninstalled too, but not because of false positives, those were down to two after submitting all the FP's I had. Seemed to be a very nice improvement and I'm looking forward to when the final version is released. :)
     
  6. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    As for now I don't have any more FP's since last update (#1310)
    Btw it is quiet here ;)
     
    Last edited: Jun 5, 2005
  7. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Yes, have you submitted the files to submit@ewido.net? :)
     
  8. andre25

    andre25 Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    3
    No, not yet; I will do this now.
     
  9. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    For the time being, I am going back to version 3 as I am having a lot of problems with the guard sticking on 50 % cpu. When it does this I have to deactivate the guard and wait a few minutes, then reactivate it. It is getting to be too much of a hassle... I will look for either a later beta or when you get this problem fixed...
     
  10. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    That's exactly the feeling I had: hassle... I just hope that the final 3.5 will be much better than the beta.
     
  11. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    I had loads of problems with ewido 3.5 so I changed to 3.0.

    I just find that heuristic scanning is not a must-have coz it brings so many false positives.

    But the other features I find really good, but it's still in beta so I understand that there are a lot of bugs and false positives.
     
  12. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Is there a problem with updates on ewido 3.5 beta because mine is stuck at db version #1306, with Last Update of 02/06/2005 (Known threats 162.603). When I update it keeps telling me No update available.

    BTW, why is a '.' used as the separator instead of a ',' ? My system default is a ','.
     
  13. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    I think there is some problem on how Ewido 3.5 counts the updates. I had db version #1306 too but I went and looked in the signature folder in the Ewido Security folder, I see 6 files 1305.dat, 1306.dat, 1307.sig, 1308.sig, 1309.sig, and 1310.sig.

    I guess for some reason Ewido 3.5 counts the dat files but does not count the sig files. Maybe Fish can say why this is.


    Starrob


     
  14. feddup

    feddup Registered Member

    Joined:
    Oct 30, 2004
    Posts:
    160
    3.5 beta does seem to have some weird CPU activity. I'm not sure it plays well with pc-cillin. The unusual behavior is occurring less than 5% of the time so I'm just watching it for now. After all it is a beta. No false advertising.
     
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Does ewido already scan for and prevent rootkits, or will this be available in the next version?
     
  16. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
  17. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    fish25,

    is it possible to:
    1. add an option to SKIP the file that the scanner is checking?
    2. add an option to ask an action for the infected files at the end of the scan?

    Thanks
     
    Last edited: Jun 6, 2005
  18. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
  19. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Great! :D
     
  20. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I made another scan, but without the Heuristics enabled, and still get the items reported as Heuristic.Suspicious-Zip?

    Is this a bug?
     
  21. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    I have installed the program again too...just like it too much, I guess :)

    I also disabled the heuristics scan but still Ewido finds countless cookies, which Counterspy doesn't do and Crap Cleaner also doesn't do... They are all in the firefox directory so it seems. Maybe a bit too much from Ewido?
     
  22. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    considered HijackThis as malware - with #1306 database - full scan
     
    Last edited: Jun 7, 2005
  23. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    1. ewido, not edwido
    2. it doesn't, at least not when I tested...

    could you please recheck? which version btw.? detected as what?
     
  24. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    it's a TYPO - so what. You think it's going to confuse anyone? I fixed it.

    I'll edit this post after I run it again.

    *edit - sorry, I did not think that to be that erroneous to be pointed out (perhaps if I stated "CounterSpy" reported it). But anyway, I was incorrect about HijackThis, it was CWShredder 15901 (old - new version is 20000). I'll update and run EWIDO again with new post. I do think, however, it's useless to scan for all those common cookies as they come right back when visiting some popular message boards.

    http://img80.echo.cx/img80/6776/found7sr.jpg
     
    Last edited: Jun 7, 2005
  25. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    ;) no prob but I'm reading it everyday
     