False positive with ESS

Discussion in 'ESET Smart Security' started by bodgy, Oct 25, 2009.

Thread Status:
Not open for further replies.
  1. bodgy

    bodgy Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    2,387
    Location:
    Qld.
    ESS is reporting a threat from the Kov website for their DeX application which doesn't exist.

    This has been occurring since Friday 23/10/2009 and occurs when the download begins.

    There is no actual threat in the download.

    The log contents.

    <?xml version="1.0" encoding="utf-8" ?>
    <ESET>
      <LOG>
        <RECORD>
          <COLUMN NAME="Time">
            <DATE>25/10/2009</DATE>
            <TIME>9:26:55 AM</TIME>
          </COLUMN>
          <COLUMN NAME="Scanner">HTTP filter</COLUMN>
          <COLUMN NAME="Object">file</COLUMN>
          <COLUMN NAME="Name">http://kov.com/download/dex/Application Files/AutoTRAX_1_0_0_495/ELECTRA.exe.deploy</COLUMN>
          <COLUMN NAME="Threat">probably a variant of Win32/Statik potentially unwanted application</COLUMN>
          <COLUMN NAME="Action" />
          <COLUMN NAME="User">bodgy-PC\bodgy</COLUMN>
          <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe.</COLUMN>
        </RECORD>
      </LOG>
    </ESET>

    Colin
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The application most likely uses malware-like obfuscation techniques. We'll check it out and whitelist it if it's actually clean.
     