PC Review



5711 still has false positive

 
 
Acadia
Guest
Posts: n/a
 
      23rd Apr 2005
New 5711 still has the SpywareBlaster FP.

Acadia
 
 
 
 
 
Bill Sanderson
Guest
Posts: n/a
 
      23rd Apr 2005
Acadia--I've now tested myself and I don't confirm that.

Can you double check the actual definition files present on your
machine--here's what they look like on mine:
-------------------------------------------------------------------------
04/21/2005 12:13 AM 2,309,022 gcThreatAuditScanData.gcd
04/22/2005 06:46 PM 1,320,692 gcThreatAuditThreatData.gcd

Detailed File Analysis
Display name: gcThreatAuditThreatData.gcd
Name: gcThreatAuditThreatData.gcd
Publisher: Unspecified
Path: D:\Program Files\Microsoft AntiSpyware\gcThreatAuditThreatData.gcd
Size: 1320692 bytes
Create date: Friday April 15, 2005
Access date: Saturday April 23, 2005
Modified date: Friday April 22, 2005

MD5: b14f9714dec123e0194f7febd9d09c57

Detailed File Analysis
Display name: gcThreatAuditScanData.gcd
Name: gcThreatAuditScanData.gcd
Publisher: Unspecified
Path: D:\Program Files\Microsoft AntiSpyware\gcThreatAuditScanData.gcd
Size: 2309022 bytes
Create date: Friday April 15, 2005
Access date: Saturday April 23, 2005
Modified date: Thursday April 21, 2005

MD5: 71790386817e73328e9cb157119e01cd

--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"Acadia" <(E-Mail Removed)> wrote in message
news:18f701c5479f$4e3622b0$(E-Mail Removed)...
> New 5711 still has the SpywareBlaster FP.
>
> Acadia



 
 
Cycloid Torus
Guest
Posts: n/a
 
      23rd Apr 2005
Bill-

I just downloaded 5711 and ran it and got FP again.

I don't know how to do a detailed file analysis, but the ThreatData file I
have is a few bytes larger.
CT
 
Bill Sanderson
Guest
Posts: n/a
 
      23rd Apr 2005
The detailed analysis is from Microsoft Antispyware, tools, advanced tools,
advanced file analyzer (Dang this program is advanced......)

I'd recommend deleting both definition files and watching to see what
happens.

--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
 
Guest
Posts: n/a
 
      23rd Apr 2005
Nevermind, I was using the old original version of Beta.
Once I installed the 1.0.509, then downloaded the 5711, all
is well.

Acadia
 
 
Cycloid Torus
Guest
Posts: n/a
 
      23rd Apr 2005
So I deleted both def files. Checked my program v("1.0.509") and tried
update. So after 3 "updates" it rebuilt gcThreatAuditThreatData.gcd to
stated size but not same MD5
Name: gcThreatAuditThreatData.gcd

Publisher: Unspecified

Path: C:\Program Files\Microsoft AntiSpyware\gcThreatAuditThreatData.gcd

Size: 1321840 bytes

Create date: Saturday April 23, 2005

Access date: Saturday April 23, 2005

Modified date: Thursday April 21, 2005

MD5: cb9b282afa7217e170b8f608279fafc2




; did not rebuild gcThreatAuditScanData.gcd which is a poor puny thing now:
Name: gcThreatAuditScanData.gcd

Publisher: Unspecified

Path: C:\Program Files\Microsoft AntiSpyware\gcThreatAuditScanData.gcd

Size: 578 bytes

Create date: Saturday April 23, 2005

Access date: Saturday April 23, 2005

Modified date: Saturday April 23, 2005

MD5: 1ff58fa64f36df5f1b5f671bc1384bce


Ran SCAN anyway - no FP - of course if your def file is a puny thing, maybe
there can't be a FP.

: ) CT
 
Bill Sanderson
Guest
Posts: n/a
 
      23rd Apr 2005
I wouldn't blame it on the old version--yours was one of 4 that I know of
that had similar problems. Glad you got it fixed.

--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

<(E-Mail Removed)> wrote in message
news:0a6201c547a8$8e2870e0$(E-Mail Removed)...
> Nevermind, I was using the old original version of Beta.
> Once I installed the 1.0.509, then downloaded the 5711, all
> is well.
>
> Acadia



 
 
Cycloid Torus
Guest
Posts: n/a
 
      23rd Apr 2005
So, after a night's sleep, running update rebuilt gcThreatAuditScanData.gcd.
However, I am unclear why it would be 239 bytes larger than Bill's file
(detail below). Full scan reports that it is "clean" and no FP. Other 2
machines also cleared the FP with successful 5711s from late last night.
They have the 239 byte larger gcThreatAuditScanData.gcd as well.

I noted a significant change in the update site's responsiveness this AM
from last PM. Instead of many hesitations, the update session this AM took
less than 1 minute (and seemed to fully utilize my cable connection for
once).

While 5709 might have had a FP, could the rest of the difficulties have been
caused or abetted by bad cache somewhere (if update to 5711 was only
partial? seemed so). If it is not a program issue or a definition issue, but
rather equipment or cache, how might we tell? It would be rather a waste of
"beta effort" (like my 4 hours) if it is a bad server or an incomplete
mirror refresh.

I raise this because of the difference in file size, the difference in the
checksum (I'm guessing that is what MD5 is - if I am wrong, please correct
me), the hesitations in the update routine, the breakdown in the file
refresh after I clobbered the 2 def files (see below about the 97 pound
weakling file I kept on getting).


Detailed File Analysis

Display name: gcThreatAuditScanData.gcd

Name: gcThreatAuditScanData.gcd

Publisher: Unspecified

Path: C:\Program Files\Microsoft AntiSpyware\gcThreatAuditScanData.gcd

Size: 2309261 bytes

Create date: Saturday April 23, 2005

Access date: Saturday April 23, 2005

Modified date: Friday April 22, 2005

MD5: e2fc466755d5ae4b6082a15fc31cb68e

"Cycloid Torus" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> So I deleted both def files. Checked my program v("1.0.509") and tried
> update. So after 3 "updates" it rebuilt gcThreatAuditThreatData.gcd to
> stated size but not same MD5
> Name: gcThreatAuditThreatData.gcd
>
> Publisher: Unspecified
>
> Path: C:\Program Files\Microsoft AntiSpyware\gcThreatAuditThreatData.gcd
>
> Size: 1321840 bytes
>
> Create date: Saturday April 23, 2005
>
> Access date: Saturday April 23, 2005
>
> Modified date: Thursday April 21, 2005
>
> MD5: cb9b282afa7217e170b8f608279fafc2
>
>
>
>
> ; did not rebuild gcThreatAuditScanData.gcd which is a poor puny thing
> now:
> Name: gcThreatAuditScanData.gcd
>
> Publisher: Unspecified
>
> Path: C:\Program Files\Microsoft AntiSpyware\gcThreatAuditScanData.gcd
>
> Size: 578 bytes
>
> Create date: Saturday April 23, 2005
>
> Access date: Saturday April 23, 2005
>
> Modified date: Saturday April 23, 2005
>
> MD5: 1ff58fa64f36df5f1b5f671bc1384bce
>
>
> Ran SCAN anyway - no FP - of course if your def file is a puny thing,
> maybe there can't be a FP.
>
> : ) CT
 
Bill Sanderson
Guest
Posts: n/a
 
      29th Apr 2005
"Cycloid Torus" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> So, after a night's sleep, running update rebuilt
> gcThreatAuditScanData.gcd. However, I am unclear why it would be 239 bytes
> larger than Bill's file (detail below). Full scan reports that it is
> "clean" and no FP. Other 2 machines also cleared the FP with successful
> 5711s from late last night. They have the 239 byte larger
> gcThreatAuditScanData.gcd as well.
>
> I noted a significant change in the update site's responsiveness this AM
> from last PM. Instead of many hesitations, the update session this AM took
> less than 1 minute (and seemed to fully utilize my cable connection for
> once).
>
> While 5709 might have had a FP, could the rest of the difficulties have been
> caused or abetted by bad cache somewhere (if update to 5711 was only
> partial? seemed so). If it is not a program issue or a definition issue,
> but rather equipment or cache, how might we tell? It would be rather a
> waste of "beta effort" (like my 4 hours) if it is a bad server or an
> incomplete mirror refresh.
>
> I raise this because of the difference in file size, the difference in the
> checksum (I'm guessing that is what MD5 is - if I am wrong, please correct
> me), the hesitations in the update routine, the breakdown in the file
> refresh after I clobbered the 2 def files (see below about the 97 pound
> weakling file I kept on getting).


I'm not ready to go back and dig into the nitty gritty of the file sizes and
checksums at this late date, I'm afraid. I think the point you raise is
important, and I suspect Microsoft and Giant before them are well aware of
it.

An antivirus app or antispyware app can be "attack surface" in a system if
the definition process can be subverted. Read some of the fuss surrounding
Trend Micro's definition problems over last weekend to see what can
happen--and in that case it was their own doing.

If the caches are causing the files to not be received properly, the update
shouldn't happen and the old definitions remain in force, I'd think--but I'm
not sure your evidence here indicates that as the current behavior.


 
Reply With Quote
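
Added example, not part of the original thread: one way an updater can behave as described in the post above, staging a download and replacing the installed definition file only when its size and digest match expected values, so a truncated or stale-cache download leaves the old definitions in force. The file name, the SHA-256 expected values and the payloads are constructed for illustration; nothing here reflects how Microsoft AntiSpyware actually updates.

```python
import hashlib
import os
import tempfile


def file_digest(path, algo="sha256", chunk=65536):
    """Hash a file in chunks so a large definition file is not read at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def install_if_verified(staged, dest, expected_size, expected_sha256):
    """Replace dest with staged only when size and digest both match.

    Returns (installed, reason). On any mismatch the staged file is deleted
    and dest is left untouched, so the previous definitions stay in force.
    """
    actual_size = os.path.getsize(staged)
    if actual_size != expected_size:
        os.remove(staged)
        return False, f"size mismatch: got {actual_size}, expected {expected_size}"
    actual = file_digest(staged)
    if actual != expected_sha256.lower():
        os.remove(staged)
        return False, f"digest mismatch: got {actual}"
    os.replace(staged, dest)  # atomic rename when both paths are on one volume
    return True, "installed"


def demo():
    """Constructed scenario: truncated, same-size-but-altered, then good download."""
    with tempfile.TemporaryDirectory() as d:
        dest = os.path.join(d, "defs.gcd")  # hypothetical file name
        old, new = b"old definitions" * 100, b"new definitions" * 100
        with open(dest, "wb") as f:
            f.write(old)
        want_size, want_hash = len(new), hashlib.sha256(new).hexdigest()

        results = []
        for payload in (new[:578], new[:-1] + b"X", new):
            staged = dest + ".part"
            with open(staged, "wb") as f:
                f.write(payload)
            ok, reason = install_if_verified(staged, dest, want_size, want_hash)
            with open(dest, "rb") as f:
                results.append((ok, reason, f.read() == new))
        return results


if __name__ == "__main__":
    for ok, reason, is_new in demo():
        state = "new definitions active" if is_new else "old definitions active"
        print(ok, reason, state)
```

A size and digest check catches truncated or stale-cache downloads; it only defends against deliberate subversion when the expected values come from a manifest whose signature is verified first.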
 
Cycloid Torus
Guest
Posts: n/a
 
      29th Apr 2005
I think that you may be correct, though I am still puzzled how one file
could update to 5711 and not the other (but it is a Beta, so I haven't
quarantined my entire computer), but I wish there was a way in which we
could really tell if the "cop on the beat" was real or not. Palladium seems
to be headed that way - if so, worth the cost of upgrade.
 