Showing results for 
Search instead for 
Did you mean: 
Level 7

Word "autosave" .asd files quarantined as 'low risk' exploit - false positive?

Security Centre is marking automatic backups [autosave .asd files] from Word 2010 as an exploit and put into quarantine. ["Exploit-MSWORD.a" ] As described by someone else here: and perhaps same issue here: . The actual word file reads clean but the temporary auto-backups are detected as the exploit mentioned on those forums. Separate scans of the files with other virusscanners turn up nothing. Looks to be a false positive (or maybe the detection is not anyway for an actual virus but just a situation where a virus could take advantage?)

I use the very common Thomson Endnote citation software which integrates with Word and creates links in the documents to the database of citation references, so I wonder if this is something that McAfee finds suspicious.

Over the past few weeks I have been sending the quarantined files to McAfee through the Security Center as they are detected, but would like some self-help in the short-term as I'm in the last days of working on my PhD and am worried that this may screw up something important in the files for my PhD.

I thought I would be able somehow to exclude these files, the directory, or the 'exploit' from McAfee, i.e. by putting in the 'trusted' list, but there seems to be no way to do this.

So to sum up, the question is: how can I exclude these files, the directory, or the exploit from future scans. If McAfee puts them in quarantine I'm assuming they won't be in the right place for word to restore them if it crashes for any reason and that is obviously a problem!

In the short-term I will turn on automatic scans as McAfee doesn't seem to do this other than when it runs a system scan.

thanks for any help on how to put things on the trusted list!


Message was edited by: mattpollard on 30/09/11 17:23:39 CDT
0 Kudos
1 Reply
Level 21

Re: Word "autosave" .asd files quarantined as 'low risk' exploit - false positive?

I moved this to the Artemis section of Security Awareness where someone form that department is most likely to spot it.

Meanwhile I suggest following the steps outlined in the link below to temporarily disable VirusScan, restore the files and report them to the McAfee Labs.

Those steps should work whether or not this an Artemis detction or a regular one.

You are right by assuming they wont be there when Word tries to restore them as by Quarantining them they are now encrypted.

Only restoring them from Quarantine will make them available again.

Message was edited by: Ex_Brit on 01/10/11 6:23:29 EDT AM
0 Kudos