KIS 2011 PDM - detected SbieCtrl.exe as Trojan.Win32.Generic

Discussion in 'other anti-virus software' started by fce, Aug 6, 2010.

Thread Status:
Not open for further replies.
  1. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    FP?

    Anyway, I trust Sandboxie, so I removed it from Quarantine.

    Anybody experience this issue?
     
  2. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    617
    Location:
    Surabaya Indonesia
    Try checking it with VirusTotal and send the file to Kaspersky.
     
  3. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    If it's from PDM it's a behavioral detection and not a "FP". If it happens again you could add SbieCtrl.exe to exclusions I think.
     
  4. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Sandboxie doesn't need an exclusion to work properly. Moreover, it is automatically grouped under Trusted programs in HIPS.
     
  5. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Hmm, for me KIS just detected C:\Windows\system32\svchost.exe as PDM:Trojan.Win32.Generic, anyone else seeing this? Afaik KIS shouldn't even monitor trusted applications (svchost.exe and SbieCtrl.exe in fce's case).
     
    Last edited: Aug 7, 2010
  6. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    No. KIS (up-to-date) is running fine here. No PDM detection of svchost. I would suggest an Update (manually initiated) and a Critical Area Scan to ensure the integrity of the system.
     
  7. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    No problems here either...
    Looking at the posts (including KL forums), it seems that the internal PDM/HIPS whitelist imploded for some users. MS signed applications shouldn't trigger PDM detections, nor should KSN known/digitally signed programs such as Sandboxie.
    Best course of action would be to log a support ticket and provide GSI and traces for the PDM detections.
    Does this happen upon boot/login or regular work as well?
     
  8. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Happened at the same time when I plugged in my USB stick, I deleted the detection entry and will contact support if it happens again.

    While I know that svchost isn't malicious, if it had been my father or someone else on the PC, he could've deleted svchost.

    The system is in good condition.
     
    Last edited: Aug 7, 2010
  9. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    Can you run Sigcheck on svchost and post the output?
    (just to make sure)
     
  10. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    When checking only svchost.exe the window disappears too quickly for me to see the output.

    However I checked the whole system32 directory for unsigned files and svchost.exe wasn't listed.
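
The signature check discussed in the last posts, as an added example that is not part of the original thread: a PowerShell script, run from a console that is already open so the output stays on screen, that reports the signature status, signer and SHA-256 of the two files the thread names. The Sandboxie install path is an assumed default, and the catalog-signature handling assumes Windows PowerShell 5.1 or later.

```powershell
# Added example, not from the thread. Paths are assumptions: the posts only
# name the files, not where Sandboxie is installed.
$targets = @(
    "$env:SystemRoot\System32\svchost.exe",
    "$env:ProgramFiles\Sandboxie\SbieCtrl.exe"   # assumed default install path
)

function Get-SignatureReport {
    param([string[]]$Path)

    foreach ($p in $Path) {
        # A missing file is reported, not silently skipped.
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{
                Path = $p; Status = 'FileNotFound'; Signer = $null
                SignatureType = $null; SHA256 = $null
            }
            continue
        }

        $sig = Get-AuthenticodeSignature -LiteralPath $p
        [pscustomobject]@{
            Path          = $p
            Status        = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            # Windows components such as svchost.exe are usually signed through a
            # security catalog, not an embedded signature. PowerShell 5.1+ reports
            # this as 'Catalog'; older versions leave the property empty.
            SignatureType = $sig.SignatureType
            # The hash can be searched on VirusTotal without uploading the file.
            SHA256        = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
    }
}

$report = Get-SignatureReport -Path $targets
$report | Format-List

# Anything that is not 'Valid' deserves a closer look before it is restored
# from quarantine or added to an exclusion list.
$suspect = $report | Where-Object { $_.Status -ne 'Valid' }
if ($suspect) {
    Write-Warning ("Signature not valid for: " + ($suspect.Path -join ', '))
}
```

A `Valid` status with the expected signer supports the false-positive reading; the report and hashes can be attached to the support ticket suggested earlier in the thread.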
     