Possible False Positive "Misleading.DefenseCenter" [SOLVED by db 1614]

  • Possible False Positive "Misleading.DefenseCenter" [SOLVED by db 1614]

    Not sure if this is a false positive?
    It is a Registry entry, so I am not sure whether I can even upload anything to virustotal.com or upload a file to you guys to check whether the detected threat is "clean".

    I have included a log file, so please let me know if this is a false positive and what I can do to help you find out if it is, if there isn't already a solution

    Thanks Rob

    Edit:
    I couldn't upload the log file but this is what it says;

    IObit Security 360

    OS:Windows 7
    Version:1.4.1.11
    Define Version:1612
    Time Elapsed:00:01:36
    Objects Scanned:48175
    Threats Found:1

    |Name|Type|Description|ID|
    Misleading.DefenseCenter, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Value={5E2121EE-0300-11D4-8D3B-444553540000}, 4-29254
    Last edited by burrellbuzzman; Jun. 20th, 2010, 15:54.

  • #2
    There is no space between the "Curr entVersion" in the actual file and I couldn't edit the space out in the first post; so it is the same as above but with "CurrentVersion" instead of "Curr entVersion"

    • #3
      Hi burrellbuzzman,

      This could well be a false positive, as the key is for ATI cards.

      What is written under the Data column when you go to the Registry Entry:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      in Registry Editor for the Value={5E2121EE-0300-11D4-8D3B-444553540000}, IS360 gives as a threat?

      You can open the Registry Editor by typing regedit into Run... in the Start menu and hitting Enter.

      Cheers.
      enoskype

      - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -
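
The check discussed in this thread relies on the Data column of the flagged value, which is only a text label. The following added example (not code from the forum or from IObit) goes one step further and resolves the CLSID to the DLL it registers, then reports that file's Authenticode signer. The function name is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: triage a flagged "Shell Extensions\Approved" value on the local machine.
# The CLSID and key path are the ones from the scan log in this thread.
$clsid    = '{5E2121EE-0300-11D4-8D3B-444553540000}'
$approved = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'

function Get-ShellExtensionTriage {   # hypothetical helper name
    param([string]$Clsid, [string]$ApprovedKey)

    $result = [ordered]@{ Clsid = $Clsid; Description = $null; Dll = $null
                          DllExists = $false; SignatureStatus = $null; Signer = $null }

    # 1. The "Data" column regedit shows for the flagged value (free-text description).
    $props = Get-ItemProperty -LiteralPath $ApprovedKey -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $Clsid)) {
        $result.Description = $props.$Clsid
    }

    # 2. The description is only a label. The code that actually loads is the
    #    InprocServer32 DLL registered for the CLSID (64-bit and 32-bit views).
    $candidates = @(
        "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32",
        "HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID\$Clsid\InprocServer32"
    )
    foreach ($key in $candidates) {
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-Item -LiteralPath $key).GetValue('')   # '' = default value
            if ($dll) {
                $result.Dll = [Environment]::ExpandEnvironmentVariables($dll)
                break
            }
        }
    }

    # 3. Confirm the DLL exists on disk and record who signed it.
    if ($result.Dll -and (Test-Path -LiteralPath $result.Dll)) {
        $result.DllExists = $true
        $sig = Get-AuthenticodeSignature -FilePath $result.Dll
        $result.SignatureStatus = $sig.Status
        if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]$result
}

Get-ShellExtensionTriage -Clsid $clsid -ApprovedKey $approved | Format-List
```

A description that matches the vendor, a DLL under the vendor's install or system directory, and a valid vendor signature together support a false-positive verdict. A NotSigned status alone is not conclusive, since some vendor files are signed through a catalog rather than an embedded signature.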

      • #4
        Thanks for the response,

        Just went into regedit and under the Data column for the associated key which is in my first post, it says:

        Catalyst Context Menu extension

        As you said it is to do with ATI cards I guess this is a false positive.

        Is there any other information that you need from my end?

        Thanks again, Rob

        • #5
          Hi burrellbuzzman.

          Please put it in the Ignore List until a response from IObit Team.

          Cheers.
          enoskype

          - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -

          • #6
            ok thanks

            Rob

            • #7
              Originally posted by burrellbuzzman
              Not sure if this is a false positive?
              It is a Registry entry, so I am not sure whether I can even upload anything to virustotal.com or upload a file to you guys to check whether the detected threat is "clean".

              I have included a log file, so please let me know if this is a false positive and what I can do to help you find out if it is, if there isn't already a solution

              Thanks Rob

              Edit:
              I couldn't upload the log file but this is what it says;

              IObit Security 360

              OS:Windows 7
              Version:1.4.1.11
              Define Version:1612
              Time Elapsed:00:01:36
              Objects Scanned:48175
              Threats Found:1

              |Name|Type|Description|ID|
              Misleading.DefenseCenter, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Value={5E2121EE-0300-11D4-8D3B-444553540000}, 4-29254

              Hi burrellbuzzman

              The Defensecenter is a rogueware, but the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Value={5E2121EE-0300-11D4-8D3B-444553540000} is a FP.
              We will solve this issue in our later update definition 1614.

              Thanks for your feedback.
              IObit Support Team
