You are talking about NTP or TIE or ATD (Sandbox)?
Check the Framework Assembly Blog/Forum Entrys from us that is the SAME question:
Maybe THAT will be solved on TIE/ATD with a new pattern or detection soon.
Going in every detection and adding the new HXTSR.EXE hash to the Known Trusted list in TIE. Question is, why can't Microsoft sign their software with a certificate on a consistent basis?
It gets to the point you just want to exclude it because of the annoyance.