Author Topic: False positive: Sophos EM3  (Read 4390 times)

0 Members and 1 Guest are viewing this topic.

Offline websnail

  • Newbie
  • *
  • Posts: 7
False positive: Sophos EM3
« on: March 10, 2009, 01:31:51 PM »
Just thought I'd best record a false positive which crops up when you try to uninstall Sophos Enterprise Manager.

c:\windows\temp\sec3_support.exe
c:\windows\temp\runonce.exe

Both of these trigger a generic trojan warning.


The workaround is to either disable the on-access scanner or add those two files to the exceptions while you do the uninstall..

Given the nature of the file names though I would remove them immediately after using them to avoid them being used by other real trojans.

Online DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85949
  • No support PMs thanks
Re: False positive: Sophos EM3
« Reply #1 on: March 10, 2009, 05:44:27 PM »
If you are sure they are FPs you can send the samples to avast for analysis, see below.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security