False positive with ESS

Discussion in 'ESET Smart Security' started by bodgy, Oct 25, 2009.

Thread Status:
Not open for further replies.
  1. bodgy

    bodgy Registered Member

    Joined: Sep 22, 2005
    Posts: 2,387
    Location: Qld.
    ESS is reporting a threat from the Kov website for their DeX application which doesn't exist.

    This has been occurring since Friday 23/10/2009 and occurs when the download begins.

    There is no actual threat in the download.

    The log contents.

    <?xml version="1.0" encoding="utf-8" ?>
    <ESET>
      <LOG>
        <RECORD>
          <COLUMN NAME="Time">
            <DATE>25/10/2009</DATE>
            <TIME>9:26:55 AM</TIME>
          </COLUMN>
          <COLUMN NAME="Scanner">HTTP filter</COLUMN>
          <COLUMN NAME="Object">file</COLUMN>
          <COLUMN NAME="Name">http://kov.com/download/dex/Application Files/AutoTRAX_1_0_0_495/ELECTRA.exe.deploy</COLUMN>
          <COLUMN NAME="Threat">probably a variant of Win32/Statik potentially unwanted application</COLUMN>
          <COLUMN NAME="Action" />
          <COLUMN NAME="User">bodgy-PC\bodgy</COLUMN>
          <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe.</COLUMN>
        </RECORD>
      </LOG>
    </ESET>

    Colin
     
  2. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,456
    The application most likely uses malware-like obfuscation techniques. We'll check it out and whitelist it if it's actually clean.
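
Added example, not part of the thread and not ESET tooling: a Python sketch that parses the log record pasted in the first post and pulls out the fields worth checking when triaging a suspected false positive. The function names `parse_records` and `triage` are hypothetical, the export schema is assumed to be exactly as pasted, and the leading "- " markers are assumed to come from copying the XML out of a browser tree view.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample: the record copied from the first post, "- " markers included.
SAMPLE = r"""<?xml version="1.0" encoding="utf-8" ?>
- <ESET>
- <LOG>
- <RECORD>
- <COLUMN NAME="Time">
<DATE>25/10/2009</DATE>
<TIME>9:26:55 AM</TIME>
</COLUMN>
<COLUMN NAME="Scanner">HTTP filter</COLUMN>
<COLUMN NAME="Object">file</COLUMN>
<COLUMN NAME="Name">http://kov.com/download/dex/Application Files/AutoTRAX_1_0_0_495/ELECTRA.exe.deploy</COLUMN>
<COLUMN NAME="Threat">probably a variant of Win32/Statik potentially unwanted application</COLUMN>
<COLUMN NAME="Action" />
<COLUMN NAME="User">bodgy-PC\bodgy</COLUMN>
<COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe.</COLUMN>
</RECORD>
</LOG>
</ESET>"""

def parse_records(text):
    """Return one dict per <RECORD>, keyed by the COLUMN NAME attribute."""
    # Drop the "- " markers that make a pasted tree view invalid XML.
    cleaned = re.sub(r"(?m)^[ \t]*-[ \t]+(?=<)", "", text.strip())
    if "<!DOCTYPE" in cleaned.upper():  # a log export needs no DTD; refuse entity tricks
        raise ValueError("unexpected DOCTYPE in log export")
    rows = []
    for rec in ET.fromstring(cleaned.encode("utf-8")).iter("RECORD"):
        row = {}
        for col in rec.findall("COLUMN"):
            # The Time column nests <DATE>/<TIME>; the other columns hold plain text.
            parts = [c.text or "" for c in col] or [col.text or ""]
            row[col.get("NAME")] = " ".join(p.strip() for p in parts)
        rows.append(row)
    return rows

def triage(row):
    threat = row.get("Threat", "")
    proc = re.search(r"by the application: (.+?)\.?$", row.get("Information", ""))
    return {
        "tentative_match": threat.lower().startswith("probably"),  # the log's own hedge
        "pua": "potentially unwanted application" in threat.lower(),
        "family": (re.search(r"\b\w+/[\w.]+", threat) or [""])[0],
        "accessing_process": proc.group(1) if proc else None,
        "action_taken": row.get("Action") or None,  # empty column: no action recorded
    }
```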
     