False positve with ESS

Discussion in 'ESET Smart Security' started by bodgy, Oct 25, 2009.

Thread Status:
Not open for further replies.
  1. bodgy

    bodgy Registered Member

    ESS is reporting a threat from the Kov website for their DeX application which doesn't exist.

    This has been occuring since Friday 23/10/2009 and occurs when the download begins.

    There is no actual threat in the download.

    The log contents.

    <?xml version="1.0" encoding="utf-8" ?>
    - <ESET>
    - <LOG>
    - <RECORD>
    - <COLUMN NAME="Time">
    <DATE>25/10/2009</DATE>
    <TIME>9:26:55 AM</TIME>
    </COLUMN>
    <COLUMN NAME="Scanner">HTTP filter</COLUMN>
    <COLUMN NAME="Object">file</COLUMN>
    <COLUMN NAME="Name">http://kov.com/download/dex/Application Files/AutoTRAX_1_0_0_495/ELECTRA.exe.deploy</COLUMN>
    <COLUMN NAME="Threat">probably a variant of Win32/Statik potentially unwanted application</COLUMN>
    <COLUMN NAME="Action" />
    <COLUMN NAME="User">bodgy-PC\bodgy</COLUMN>
    <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe.</COLUMN>
    </RECORD>
    </LOG>
    </ESET>

    Colin
     
    bodgy, Oct 25, 2009
    #1
  2. Marcos

    Marcos Eset Staff Account

    The application most likely uses malware-like obfuscation techniques. We'll check it out and whitelist it if it's actually clean.
     
    Marcos, Oct 25, 2009
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice