Win7Pro Junction Node False Positive


thellewitt
Brand new install of Windows 7 Professional 64-bit. Latest version of Mbam with updated definitions. C:\Windows\System junction node created pointing to C:\Windows\SysWow64 for installation of older programs like Microsoft Office 2000. Mbam sees trojan exploits in c:\windows\system\explorer.exe, c:\windows\system\rundll32.exe, c:\windows\system\svchost.exe, c:\windows\system\userinit.exe, c:\windows\system\mstsc.exe, c:\windows\system\msiexec.exe, c:\windows\system\dllhost.exe and c:\windows\system\ctfmon.exe. Allowing Mbam to quarantine these files results in Windows failures such as Personalization throwing errors. Replacing files using sfc /scannow repairs missing files from a known good copy. After reboot and another scan, Mbam once again detects the mentioned files as being trojans and exploits. These files are obviously really in the SysWoW64 folder and so the junction point is throwing Mbam off somehow.

  • Staff

Because you set something up that is not the standard default of Windows to install an unsupported version of Office, you would have to add those files to the ignore list. This is a heuristic detection as nothing modern should have those files there.

Basically you would have to add the files individually or add the whole folder/junction point to Mbam's list.

I have added the files to the ignore list for now but I think you miss the point. None of those files are installed by Microsoft Office 2000. They are already present in the SysWow64 folder and are Windows files. The ability to create new junction nodes under Windows is coming up soon; they are merely the equivalent of symlinks.
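
Added example, not part of the original thread or any poster's code: a Python sketch for triaging detections like those reported above, by resolving each flagged path to its real location and checking whether it is only an alias of a file in the directory a link points to. It generalizes from the junction in the thread to any directory link; the function names, demo layout and file contents are constructed for illustration, and the demo uses a symlink where the thread uses a junction.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def is_inside(child, parent):
    # True when child lies under parent; paths on different drives never match.
    try:
        return os.path.commonpath([child, parent]) == parent
    except ValueError:
        return False


def triage(flagged_paths, trusted_dir):
    """Resolve each flagged path; report if it is only an alias into trusted_dir."""
    trusted = os.path.normcase(os.path.realpath(trusted_dir))
    report = []
    for path in flagged_paths:
        real = os.path.realpath(path)  # follows symlinks and, on Windows, junctions
        report.append({
            "flagged": path,
            "real_path": real,
            "via_link": os.path.normcase(real) != os.path.normcase(os.path.abspath(path)),
            "in_trusted_dir": is_inside(os.path.normcase(real), trusted),
            "sha256": sha256_of(real),
        })
    return report


def demo():
    # Constructed layout: SysWOW64 holds the file, System is a link to it,
    # Other holds an unrelated file with the same name.
    root = os.path.realpath(tempfile.mkdtemp())
    real_dir = os.path.join(root, "SysWOW64")
    os.mkdir(real_dir)
    os.mkdir(os.path.join(root, "Other"))
    with open(os.path.join(real_dir, "explorer.exe"), "wb") as f:
        f.write(b"constructed placeholder, not a real binary")
    with open(os.path.join(root, "Other", "explorer.exe"), "wb") as f:
        f.write(b"constructed unrelated file")
    os.symlink(real_dir, os.path.join(root, "System"), target_is_directory=True)
    flagged = [os.path.join(root, "System", "explorer.exe"),
               os.path.join(root, "Other", "explorer.exe")]
    return triage(flagged, real_dir)
```

A row with `via_link` and `in_trusted_dir` both true is the same file reached under a second name, so its hash can be compared against the copy in the real directory; a row with both false is a separate file at that path and needs its own review.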
