
False Positives

 
Old 06-01-2005, 02:11 PM   #1
Microsoft private
Guest
 
Posts: n/a
Default False Positives


I have installed and run Beta 1 on my system. Based on other products (Ad
Aware), my own very conservative settings on IE, general safe computing
practices, and no symptoms of spyware, I do not believe that I have any
spyware on my system. The Beta detected 3 instances of spyware. The
first, WinPCap, I had installed, and it correctly said it was a low threat.
The system has a cool "always ignore" setting that I will use for WinPCap.

The second, EZCyberSearch, was detected in a folder c:\documents and
settings\knox\favorites\cool sites. In this folder I have about 30 various
URLs and it shows all to be infected. Apparently it doesn't like the word
"cool" in the path. I changed the name of the directory and now it doesn't
show up. I guess there's no double checking.

The third, Network Essentials, is detected in the folder c:\program
files\pop which contains a Microsoft Access MDB that I myself created. It
seems unlikely that it would contain a Browser hijacker. I don't feel like
renaming my application to test it, but I hope that it is not just looking
for the word "pop". The "learn more about this threat" link does not
currently have any information.

So far I find the user interface and installation to be very clean, easy to
use, and easy to understand.


Knox
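
The failure mode the post above guesses at, shown as an added example that is not part of the thread and is not the product's actual detection logic: a verdict taken from a path keyword alone changes when the folder is renamed, while a verdict taken from the shortcut's target does not. The signature, the `.example` host and the file names are constructed; `cool` is the poster's own guess at the trigger.

```python
from configparser import ConfigParser, Error as ConfigError
from urllib.parse import urlsplit

# Constructed signature: "cool" is the poster's guess at the trigger and the
# host is a placeholder indicator, not a real one.
SIGNATURE = {"name": "EZCyberSearch", "path_keyword": "cool",
             "hosts": {"search.ezcybersearch.example"}}

def path_only_match(path, sig=SIGNATURE):
    """Verdict from the path alone: any path containing the keyword is flagged."""
    return sig["path_keyword"] in path.lower()

def shortcut_host(url_file_text):
    """Return the target host of an Internet Shortcut (.url) file, or None."""
    parser = ConfigParser(interpolation=None)  # URLs may contain '%'
    try:
        parser.read_string(url_file_text)
        target = parser.get("InternetShortcut", "URL")
        return (urlsplit(target).hostname or "").lower() or None
    except (ConfigError, ValueError):
        return None  # not a parseable shortcut: no content evidence

def content_match(url_file_text, sig=SIGNATURE):
    """Verdict from what the shortcut points at, independent of its folder name."""
    return shortcut_host(url_file_text) in sig["hosts"]

def scan(files, sig=SIGNATURE):
    """Map each path to (path_only_verdict, content_verdict)."""
    return {p: (path_only_match(p, sig), content_match(t, sig))
            for p, t in files.items()}

# Constructed sample favourites; folder names follow the post, file names are invented.
BENIGN = "[InternetShortcut]\nURL=http://news.example.org/\n"
FLAGGED = "[InternetShortcut]\nURL=http://search.ezcybersearch.example/start\n"
FAVORITES = r"c:\documents and settings\knox\favorites"
SAMPLE = {
    FAVORITES + r"\cool sites\news.url": BENIGN,      # original folder name
    FAVORITES + r"\good sites\news.url": BENIGN,      # same file after the rename
    FAVORITES + r"\good sites\search.url": FLAGGED,   # indicator in a renamed folder
}

if __name__ == "__main__":
    for path, verdicts in scan(SAMPLE).items():
        print(verdicts, path)
```
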



Old 06-01-2005, 08:48 PM   #2
Steve Dodson [MSFT]
Guest
 
Posts: n/a
Default RE: False Positives

Knox,

Thank you for the posting. I have filed 2 bugs that you have found
involving the false positives for EZCyberSearch and Network Essentials. The
winpcap issue is known. Thanks again for helping us test.


- steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security


-

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.


Old 07-01-2005, 02:36 AM   #3
Microsoft private
Guest
 
Posts: n/a
Default Re: False Positives

Thank you. WinpCap I didn't consider a false positive.


Knox



