False positives


Jerry Vaughn

I had not checked my event logs in a while and was surprised to find the
first entry below as nothing had been reported in WD. The second had
been reported but I don't think MS had been providing spyware by design
(-;

Jerry



Windows Defender Real-Time Protection agent has detected potential
malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {4C9496D1-948F-4E21-85CE-E965215562A4}
User: ***********
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found: file:C:\Documents and Settings\All Users\Start Menu
\Programs\Startup\InterCheck Monitor.LNK;
file:C:\Program Files\Sophos SWEEP for NT\ICMON.EXE;
startup:C:\Documents and Settings\All Users\Start Menu\Programs
\Startup\InterCheck Monitor.LNK
Threat Classification: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



Windows Defender scan has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {8893C709-98E1-4686-9CDA-6E923488886F}
Scan Type: AntiSpyware
Scan Parameters: Full Scan
User: NT AUTHORITY\NETWORK SERVICE
Threat Name: Winlog
Threat Id: 14480
Threat Severity: 4
Threat Category: 8
Path Found: file:D:\@Newest
\Windows2000ProfessionalResourceKit_Feb2000\compmgmt.cab->srvany.exe
Detection Type: Signatures


For more information, see Help and Support Center at
 

History Fan

I had not checked my event logs in a while and was surprised to find the
first entry below as nothing had been reported in WD. The second had
been reported but I don't think MS had been providing spyware by design
(-;

If you're a basic member of SpyNet, or not a member at all, I believe WD
will not notify you of 'potential' spyware threats. Only definite ones.
 

History Fan

I had not checked my event logs in a while and was surprised to find the
first entry below as nothing had been reported in WD.

I just checked my event logs too, and WD reported 4 'potential'
malware. Two yesterday, and the other two today. I received no pop-up
notification from WD (I'm a basic member of SpyNet), and a quick and full
scan today revealed no threats.
 

Jerry Vaughn

I had not checked my event logs in a while and was surprised to find the
first entry below as nothing had been reported in WD. The second had
been reported but I don't think MS had been providing spyware by design
(-;

Jerry



Windows Defender Real-Time Protection agent has detected potential
malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {4C9496D1-948F-4E21-85CE-E965215562A4}
User: ***********
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found: file:C:\Documents and Settings\All Users\Start Menu
\Programs\Startup\InterCheck Monitor.LNK;
file:C:\Program Files\Sophos SWEEP for NT\ICMON.EXE;
startup:C:\Documents and Settings\All Users\Start Menu\Programs
\Startup\InterCheck Monitor.LNK
Threat Classification: Unknown
Detection Type:

For clarity - I am not a member of SpyNet. There are now two questions:
1. Why should that matter? If WD is detecting a problem it should
notify; 2. The original problem.

Jerry
 

Bill Sanderson

Thanks - the first item is simply reported as unknown--and no user
notification is made by default. That's expected--it'll take a while for the
vendors to get together and fix these appearances--antivirus apps change
frequently, and the companies need to build the communications channels to
get this stuff marked correctly out of the gate.

The second one, indeed, is an oldie. I suspect Microsoft is hard at work on
beta2's definitions--and this is one they need to eliminate.
 

Bill Sanderson

The first one isn't a problem--it's an unknown. Microsoft isn't bringing
unknowns to the attention of the user--they probably don't know either.

The second one I'm not clear about--I can't explain why that one isn't
alarming--unless they are basically in mid-stream at cleaning the false
positive and have marked it safe in some way even though it is still in the
signatures.

--
 
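Added example, not part of any post in this thread: a small Python parser for event text in the format quoted above. It rejoins the wrapped "Path Found" lines and separates entries logged as unknown (empty Threat Id) from signature detections. The function names and the triage labels are assumptions made for illustration; the sample is abridged from the two entries in the thread.

```python
import re

# Constructed sample: the thread's two entries, abridged, original line wraps kept.
SAMPLE = r"""Windows Defender Real-Time Protection agent has detected potential
malware.
Scan ID: {4C9496D1-948F-4E21-85CE-E965215562A4}
Threat Name: Unknown
Threat Id:
Path Found: file:C:\Documents and Settings\All Users\Start Menu
\Programs\Startup\InterCheck Monitor.LNK;
file:C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
Threat Classification: Unknown
Detection Type:

Windows Defender scan has detected potential malware.
Threat Name: Winlog
Threat Id: 14480
Path Found: file:D:\@Newest
\Windows2000ProfessionalResourceKit_Feb2000\compmgmt.cab->srvany.exe
Detection Type: Signatures
"""

FIELDS = ("Scan ID", "Scan Type", "Scan Parameters", "User", "Threat Name",
          "Threat Id", "Threat Severity", "Threat Category", "Path Found",
          "Threat Classification", "Detection Type")
FIELD_RE = re.compile(r"^(%s):\s*(.*)$" % "|".join(map(re.escape, FIELDS)))

def parse_records(text):
    """Split event text into one dict per detection, rejoining wrapped paths."""
    records, cur, last = [], None, None
    for line in text.splitlines():
        if "has detected potential" in line:      # start of a new entry
            cur, last = {"Source": line.split(" has detected")[0]}, None
            records.append(cur)
        elif cur is not None and (m := FIELD_RE.match(line)):
            last = m.group(1)
            cur[last] = m.group(2).strip()
        elif cur is not None and last == "Path Found" and line.strip():
            cur[last] += line.strip()             # continuation of a wrapped path
        else:
            last = None                           # blank or unrelated line ends a field
    return records

def paths(rec):
    """Return the individual locations listed in a record's Path Found field."""
    return [p for p in rec.get("Path Found", "").split(";") if p]

def triage(rec):
    """'unknown' = logged with no threat id (no user alert, per the thread)."""
    if rec.get("Threat Id") or rec.get("Detection Type") == "Signatures":
        return "signature-detection"
    return "unknown" if rec.get("Threat Name", "Unknown") == "Unknown" else "other"
```

Running `triage` over each record from `parse_records` gives a quick list of entries that were written to the log without a pop-up, which is the case the original poster only found by reading the event log by hand.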