KIS 2011 PDM - detected SbieCtrl.exe as Trojan.Win32.Generic

Discussion in 'other anti-virus software' started by fce, Aug 6, 2010.

Thread Status:
Not open for further replies.
  1. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    FP?

Anyway, I trust Sandboxie, so I removed it from Quarantine.

Anybody experienced this issue?
     
  2. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
Try to check with VirusTotal and send the file to Kaspersky.
     
  3. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    If it's from PDM it's a behavioral detection and not a "FP". If it happens again you could add SbieCtrl.exe to exclusions I think.
     
  4. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
Sandboxie doesn't need an exclusion to work properly. Moreover, it is automatically grouped under Trusted programs in HIPS.
     
  5. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
Hmm, for me KIS just detected C:\Windows\system32\svchost.exe as PDM:Trojan.Win32.Generic, anyone else seeing this? AFAIK KIS shouldn't even monitor trusted applications (svchost.exe and SbieCtrl.exe in fce's case).
     
    Last edited: Aug 7, 2010
  6. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
No. KIS (up-to-date) is running fine here. No PDM detection of svchost. I would suggest running an Update (manually initiated) and a Critical Area Scan to ensure the integrity of the system.
     
  7. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    No problems here either...
Looking at the posts (including KL forums), it seems that the internal PDM/HIPS whitelist imploded for some users. MS-signed applications shouldn't trigger PDM detections, nor should KSN-known/digitally signed programs such as Sandboxie.
    Best course of action would be to log a support ticket and provide GSI and traces for the PDM detections.
    Does this happen upon boot/login or regular work as well?
     
  8. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
It happened at the same time as I plugged in my USB stick. I deleted the detection entry and will contact support if it happens again.

While I know that svchost isn't malicious, if it had been my father or someone else on the PC, he could've deleted svchost.

    The system is in good condition.
     
    Last edited: Aug 7, 2010
  9. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    Can you run Sigcheck on svchost and post the output?
    (just to make sure)
     
  10. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    When checking only svchost.exe the window disappears too quickly for me to see the output.

    However I checked the whole system32 directory for unsigned files and svchost.exe wasn't listed.
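The Sigcheck step discussed in the last two posts, written out as a PowerShell script (an added example, not code posted in the thread or shipped with Sigcheck or KIS). It verifies the Authenticode signature of the svchost.exe path named earlier in the thread and then sweeps System32 for executables whose signature is not valid, which is the check the poster ran by hand. Running it from an already-open PowerShell window also avoids the "window disappears too quickly" problem. The path C:\Windows\System32 is assumed to be a default install; the Sigcheck command lines in the comments are the Sysinternals tool's documented switches, not output from the thread.

```powershell
# Added example, not from the original thread.
# Run from an open PowerShell console so the output stays visible.

$target = 'C:\Windows\System32\svchost.exe'   # path reported in the thread

# 1. Signature and hash of the single file that was flagged.
$sig = Get-AuthenticodeSignature -FilePath $target
[pscustomobject]@{
    Path   = $target
    Status = $sig.Status                         # 'Valid' is expected for a genuine Microsoft binary
    Signer = $sig.SignerCertificate.Subject
    SHA256 = (Get-FileHash -Path $target -Algorithm SHA256).Hash
}

# Caveat: many Windows system binaries are catalog-signed rather than carrying an
# embedded signature. Older PowerShell builds cannot resolve catalog signatures and
# report such files as 'NotSigned'; the Sysinternals tool handles catalogs directly:
#   sigcheck.exe -a C:\Windows\System32\svchost.exe
#   sigcheck.exe -u -e -s C:\Windows\System32      # -u unsigned only, -e executables, -s recurse

# 2. Sweep System32 for executables and DLLs whose signature is not valid,
#    mirroring the "check the whole system32 directory for unsigned files" step.
Get-ChildItem -Path 'C:\Windows\System32' -Include *.exe, *.dll -Recurse -File -ErrorAction SilentlyContinue |
    Get-AuthenticodeSignature |
    Where-Object { $_.Status -ne 'Valid' } |
    Select-Object Path, Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } } |
    Format-Table -AutoSize
```

A valid signature establishes that the file on disk is the genuine Microsoft binary; it does not by itself explain the PDM event, which is a behavioural detection of what the process did, so an unexpected hit on a correctly signed svchost.exe is still worth the support ticket and traces suggested earlier in the thread.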
     