KIS 2011 PDM - detected SbieCtrl.exe as Trojan.Win32.Generic

Discussion in 'other anti-virus software' started by fce, Aug 6, 2010.

Thread Status:
Not open for further replies.
  1. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    FP?

    Anyway I trust Sandboxie so i removed it from Quarantine.

    Anybody experience this issue?
     
  2. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    609
    Location:
    Surabaya Indonesia
    try to check with VirusTotal and send the file to Kaspersky
     
  3. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    If it's from PDM it's a behavioral detection and not a "FP". If it happens again you could add SbieCtrl.exe to exclusions I think.
     
  4. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Sandboxie don't need exclusion to work properly. Moreover, it is automatically grouped under Trusted programs in HIPS
     
  5. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Hmm, for me KIS just detected C:\Windows\system32\svchost.exe as PDM:Trojan.Win32.Generic, anyone else seeing this? Afaik KIS shouldn't even monitor trusted applications (svchost.exe and SbieCtrl.exe in fce's case).
     
    Last edited: Aug 7, 2010
  6. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    No. KIS (up-to-date) is running fine here. No PDM detection of svchost. I will suggest to Update (manually initiated) and Critical Area Scan to ensure integrity of the system.
     
  7. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    791
    No problems here either...
    Looking at the posts (including KL forums), seems that the internal PDM/HIPS whitelist imploded for some users. MS signed applications shouldn't trigger PDM detections, nor KSN known/digitally signed programs such as Sandboxie.
    Best course of action would be to log a support ticket and provide GSI and traces for the PDM detections.
    Does this happen upon boot/login or regular work as well?
     
  8. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Happened at the same time when I plugged in my USB stick, I deleted the detection entry and will contact support if it happens again.

    While I know that svchost isn't malicious, if it would've been my father or someone else being on the PC he could've deleted svchost.

    The system is in good condition.
     
    Last edited: Aug 7, 2010
  9. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    791
    Can you run Sigcheck on svchost and post the output?
    (just to make sure)
     
  10. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    When checking only svchost.exe the window disappears too quickly for me to see the output.

    However I checked the whole system32 directory for unsigned files and svchost.exe wasn't listed.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.