Visual Studio 2010 help agent generates an FP.

Discussion in 'Prevx Releases' started by Geri, May 18, 2010.

Thread Status:
Not open for further replies.
  1. Geri

    Geri Registered Member

    Joined:
    May 18, 2010
    Posts:
    41
    Hi all. I've already reported this to reporting@prevx.com, but it's a bit more complex than a false positive. Maybe this story helps someone who may also have run into the same situation.

    The problem occurs with Visual Studio 2010 installed with the help set to local.

    What happens is this: when you start help from Visual Studio 2010, the system launches the HelpLibraryAgent. The first thing it does is generate source files in the temp directory, which are compiled into a DLL, which is used by HelpLibraryAgent itself as soon as it has compiled. It's a random name (probably to solve potential hijacking). However, PrevX detects it, falsely, as Win32/Heur.

    The situation is reproducible on other computers with the above installed.
    Detection override on the temp directory still causes an email alert to be sent by PrevX...

    A workaround is to use the online help, which retrieves the help pages from Microsoft itself.

    Kind regards,

    Geri
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Thanks for both reporting it and the workaround
     
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Hi Geri and welcome to the Official Prevx Support forum!

    Thanks for the info, but did you send to this address reporting@prevx.com? It should be this one, report@prevxresearch.com, as stated in this post: https://www.wilderssecurity.com/showthread.php?t=245129 or their support inbox: http://info.prevx.com/service.asp

    HTH,

    TH
     
  4. Geri

    Geri Registered Member

    Joined:
    May 18, 2010
    Posts:
    41
    Re: Visual Studio 2010 help agent generates an FP.

    Hi Triple Helix, and thanks.

    I did send it to report@prevxresearch.com (including logs and the generated source code by Visual Studio). Sorry for my mistake in the post...

    Should I send it additionally via the webform? I'm asking, since there are some attachments, including the generated source code and the make files.

    Kind regards,

    Geri
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Re: Visual Studio 2010 help agent generates an FP.

    One place is fine report@prevxresearch.com as you don't want multiple support agents working on the same problem and if they need additional info they will contact you via the email address you used!

    TH
     
    Last edited: May 18, 2010