Thursday, January 31, 2008

False/Positive Detection of WinPatrol by Kaspersky & Prevx1

Kaspersky and Prevx1 users need not be concerned if WinPatrol pops up in a scan by either software. This is a false/positive and has been reported.

The results of an upload of WinPatrol to VirusTotal currently yield the following results:
Kaspersky 7.0.0.125 2008.01.31 not-a-virus:AdWare.Win32.DealHelper.ak

Prevx1 V2 2008.01.31 Heuristic: Suspicious Hijacker
This isn't the first time this has happened. It seems to accompany a WinPatrol update. See http://billpstudios.blogspot.com/2007/06/do-all-signitures-come-from-kaspersky.html

Update:

Kaspersky removed the Patrol Setup.exe from their definitions but Prevx1 is still showing it as "Prevx1 V2 2008.01.26 Heuristic: Suspicious Hijacker". At least I an understand this since "WinPatrol uses a heuristic behavioral approach to detecting attacks and violations of your computing environment." However, it would be better if Prevx whitelisted it.

Update 01Feb08:

Prevx responded and has added WinPatrol to their white listed.

Many thanks to both Kaspersky and Prevx for responding so quickly.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

1 comment:

Bill Pytlovany said...

And thanks to Corrine and others who followed up with the companies. At the time I was attending an AntiSpyware conference in D.C with limited wireless acceess in the bowls of the Capital Hyatt.

THANKS!

Bill