Misleading.WindowsDefence GDIPFONTCACHEV1.DAT false positive? [SOLVED by db 1927]

[Flutterby]

My IObit Security 360 found this during a full scan.

Threats Found:1

|Name|Type|Description|ID|
Misleading.WindowsDefence, File, C:\Documents and Settings\Christina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT, 4-31243


I read that it's a possible fp that could be linked with an hp printer, but I don't use an hp printer. Should I remove this?

Any help would be greatly appreciated.

TY

[So_sad]

Hi Flutterby

That file has been present in Windows for years. It's a font cache .dat file.

Most likely a false positive.

A moderator will probably move this topic over to the False Positive section.

===

[scrd01]

This file also came up on my quick scan today, running full scan now.

same on full scan, i dont have any printers on my setup either.
|Name|Type|Description|ID|
Misleading.WindowsDefence, File, C:\Users\scrd100\Local Settings\Application Data\GDIPFONTCACHEV1.DAT, 4-31243

[enoskype]

Most probably false positive, but please follow the procedure in Guidelines and Requirements for Reporting a False Positive. thread.

Upload the file to www.VirusTotal.com to give the report link here, and upload the file to www.wikisend.com to give the download link here for IObit to further investigate.

Cheers.

[scrd01]

Hi Enoskype,
Virus scan came back clean,
MD5 : c1259a609995dc3678b41a047a9aa85a
SHA1 : 57b7a370c33dd32b73406def8934e6bee5121ee2
SHA256: 94fa8964abc708e1f7d07d3b77a86ef34849e7b7927f91b1de b28fcc4b557975


Roy

[LesBater]

On November 5th, I updated the definition file and ran fulls scans on all of my PC's. These include WindowsXP-SP3, Windows Vista-SP2 both x32 and x64 and Winows 7 x64. All reported:

Misleading.WindowsDefence on file GDIPFONTCACGEV1.DAT file.

Here is the scan history report from one of the PC's

IObit Security 360

OS:Windows Vista
Version:1.5.0.13
Define Version:1924
Time Elapsed:00:01:10
Objects Scanned:49906
Threats Found:1

|Name|Type|Description|ID|
Misleading.WindowsDefence - Quarantined, File, C:\Users\LeslieDBater_Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT, 4-31243

This file has been in Windows for years and has never been a problem.

I also uploaded the file to VirusTotal and it ran against 42 different scan software and none of them found anything wrong.

I hope that this gets corrected as soon as possible.

Les Bater

[hxin]

Quote:

Originally Posted by scrd01

Hi Enoskype,
Virus scan came back clean,
MD5 : c1259a609995dc3678b41a047a9aa85a
SHA1 : 57b7a370c33dd32b73406def8934e6bee5121ee2
SHA256: 94fa8964abc708e1f7d07d3b77a86ef34849e7b7927f91b1de b28fcc4b557975


Roy

Hi scrd01

Tanks for your feeback.
You can send the file (GDIPFONTCACHEV1.DAT) to www.wikisend.com and give us the link.

[Flagman]

I also received the same when I did a full scan just started a few days ago and was fine before that.What is the next step to removing this link.Thanks in advance for your help.

[wagygirl]

IObit Security 360

OS:Windows 7
Version:1.5.0.10
Define Version:1926
Time Elapsed:00:02:30
Objects Scanned:50932
Threats Found:1

|Name|Type|Description|ID|
Misleading.WindowsDefence- Quarantined, File, C:\Users\Amber\Local Settings\Application Data\GDIPFONTCACHEV1.DAT, 4-31243


_________________________________________________

I get this same false positive everyday. IObit Security 360 removes it, and Windows puts it back.
Please fix this. It is messing up my computer everyday when I start it.

Otherwise, I LOVE your products.

[So_sad]

Hi hxin,

I checked on my own machine and the file is there. I opened it and it is all fonts descriptions inside. As the file name suggests, it is a font cache file. Totally harmless.

Because it is a cache file, I'm thinking that size (and therefore checksum) will vary from region to region, from OS to OS, so if IS360 is targetting the file by name only, you can safely remove the detection.

===