Since the last update I've got the following problem:
My Security Center identifies a trojan (generic dropper!bpi) in a file (ragnawatch2.exe). But there is no trojan in this file.
So, Security Center puts it under quarantine. When I deactivate the Virusscan, I can restore the file, but after reactivating the Scan, it's put under quarantine again immediately.
I tried to allow this file to use all incoming and outgoing internet connections, but Security Center deletes these settings when putting it back under quarantine.
I contacted the customer support and it told me to send in the file to the WebImmune labs.
The conclusion of the analysis is that the file contains a trojan and can be deleted by Virusscan.
So, is there any way to hinder Security Center from putting this file under quarantine?
Message edited by Sebstar on 16.01.10 04:45:58 CST
Message was edited by: Samantha Price - please don't attach samples to this community even if you strongly believe them to be a false detection. Thanks. on 1/16/10 5:59:48 AM CST
I don't think he can do the exclusion as the home products can only ignore a file if it's identified as a PUP, something we have been asking to see improvements on for years.
Sorry, but this doesn't help me.
I already sent the file to WebImmune labs and the analysis didn't help me.
And the file isn't marked as "Artemis".
Read it again, it isn't just for those labelled Artemis. How did you submit the sample? Did you get an emailed response saying it was an infection, if so did you reply disputing the findings?
Try submitting it using the email method and the header FALSE.
Ok, I sent the name of the virus with "false" to the mail address.
The response told me to send in the file to WebImmune labs (which I already did before).
The analysis of the file has come to the same result:
The file is infected with a trojan (generic dropper!bpi) and can be deleted with Virusscan.
Disputing such findings can be time-consuming and frustrating (... been there and have done that). What the original posting makes a strong case for is "whitelisting". This has been mentioned before, discussed to some extent, pled to the developers and the only thing close to a "whitelist" is the trusting of PUPs ("Potentially Unwanted Programs").
The end user (customer) is the ultimate decision maker as to keeping, quarantining or removing anything on their PC. Every once in a while, some new product or (especially) a game comes out, and the installed Anti-virus kicks out "Trojan" or worse, quarantining the offending programs or files. As a result, the user must attempt a restore, only to have the AV repeat the process. The end-effect is the new software or game is either rendered unusable while an authority reviews the offending program or file, or the user must deactivate the AV to use the product or game. Neither of these recourses is particularly desirable, and absent a "whitelist" capability, the AV deactivation renders the entire PC exposed to mischief (or worse).
There is nothing inherently wrong with any Anti-virus/anti-spyware/anti-malware/anti-anything detecting a potential (or real) problem, and advising the user as to a suggested course of action. A whitelist capability allows the ability to override (for good or bad) the recommendations.
As for the OP's specific problem, do keep sending it back.
I've found that it can be frustrating but eventually works as a rule. It took them 4 days to send me an extra.dat the last time it happened.
Almost 14 days are gone and nothing happened.
I send the file to McAfee and they still give me the information that it contains the trojan.
You were right, it's very frustrating.