Discussion in 'other anti-malware software' started by SG1, Aug 13, 2006.
One of two screencaps:
Second of two screencaps:
Would I assume correctly that SAS stands for SUPERAntiSpyware?
As you may know....the 2 imrworldwide entries are associated with Red Sheriff/RedMeasure badware and the 2 diamondcs entries are associated with the Official home site of DiamondCS products....makers of Process Guard, Port Explorer....etc. Whether they are FP's would hinge on what other info could be shared in regards to how the finds were labeled?
If you have the DiamondCS entries in your Trusted Zone then yes I would say they are FP's.
In regards to the imrworldwide entries....if one uses IE-Spyad, SpywareBlaster's Restricted Site protection, manually added that entry to IE's Restricted Zone etc,....then I would have to say yes they are FP's in regards to valid entries placed in the appropriate Internet Explorer location for Restricted Zone entries.
Hello - we are aware of a rare issue with ZoneMap Domains such as .com.au being detected incorrectly and this will be resolved in our next release which will occur shortly.
I am sorry for any inconvenience this may have caused.
An additional question would be what Definition Database Version are you showing via the program?
As a test and to make doubly sure....I have now added imrworldwide.com.au as an IE Restricted Zone entry for the CurrentUser and the item was not flagged in either the HKCU or its associated HKU registry key....with the latest database update of Core Definitions 3050\Trace Definitions 1098
However....on a hunch I then changed the HKUser imrworldwide.com.au entry from a 4 to a Dword value of 2 which then signifies a Trusted Zone entry and SAS did then flag that entry.
Long way round the barn....I would suggest looking real close at what is or was the 4th user on that machine for possible malware infiltration
I would also suggest doing a registry search for ALL imrworldwide entries and verify that none of the Dword values that will be showing in the right hand section for those entries have a 0x00000002 Trusted Zone value entry.
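The registry check suggested in the post above, as an added PowerShell example that is not part of the original thread: it walks the ZoneMap\Domains key of every loaded user hive and marks matching entries whose DWORD is 2 (Trusted Zone). The registry path is the standard Internet Explorer ZoneMap location, which the thread does not spell out, and the default pattern is an assumption taken from the domain discussed here.

```powershell
# Added example (not from the thread): audit IE ZoneMap domain entries in all
# loaded user hives and flag matches that are mapped to the Trusted Zone.
param(
    [string]$Pattern = 'imrworldwide'   # assumption: domain substring from the thread
)

# Zone numbers as stored in the DWORD data of each protocol value.
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }
$subPath   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$marker    = '\Domains\'

# HKEY_USERS has one subkey per loaded profile; the current user's HKCU is one of them.
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue

$results = foreach ($hive in $hives) {
    $root = "Registry::$($hive.Name)\$subPath"
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # Entries can be nested (a domain key with subdomain keys below it), so recurse.
    foreach ($key in Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue) {
        $domain = $key.Name.Substring($key.Name.IndexOf($marker) + $marker.Length)
        if ($domain -notlike "*$Pattern*") { continue }

        # Each value name is a protocol ("*", "http", "https"); its DWORD is the zone.
        foreach ($valueName in $key.GetValueNames()) {
            $data = $key.GetValue($valueName)
            if ($data -isnot [int]) { continue }   # skip anything that is not a DWORD

            $zone = $zoneNames[$data]
            if (-not $zone) { $zone = "Unknown ($data)" }

            [pscustomobject]@{
                Hive     = $hive.PSChildName       # SID of the profile
                Domain   = $domain
                Protocol = $valueName
                Zone     = $zone
                Review   = ($data -eq 2)           # True = Trusted Zone entry
            }
        }
    }
}

if ($results) {
    $results | Sort-Object -Property Review, Hive, Domain -Descending | Format-Table -AutoSize
} else {
    Write-Output "No ZoneMap domain entries matching '$Pattern' were found."
}
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so run it per account or load the relevant NTUSER.DAT first.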
If you update to definitions Core : 3052 and Trace : 1099 or higher, those items won't be incorrectly detected.
Please let me know if you have any problems, and thank you for taking the time to report the situation.