Wouldn't testing each new database on various operating systems eliminate false positives on the operating system itself?

I understand that you can't have every piece of software out there loaded on each test computer.

I'm more interested in the operating system false hits, and wouldn't mind fewer updates to accommodate more testing.

Wouldn't testing each new database on various operating systems eliminate false positives on the operating system itself?

I once asked Bruce if they tested each new database version, but he never replied. I have to assume that they do, in order to ensure that their additions to the database actually do what they expected.

If all new database versions are tested to ensure that their additions to the database actually do what they expected, then why do we see false positives like these?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver)

C:\WINDOWS\system32\vcredist_x86.exe

C:\WINDOWS\system32\wextract.exe (Backdoor.Bot)

C:\Windows\System32\msconfig.exe (Trojan.Agent)

I'm trying to understand the process so I can better explain operating system false positives to the people that I recommend MBAM to.

Would some XP or Vista systems have a false positive, and others wouldn't?

  • Staff

C:\Windows\System32\msconfig.exe

This is the only one I have first-hand knowledge with and was caused by not having a filter to kill potential FPs. The home location of msconfig is actually C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe. Msconfig does not exist on 2K, but the XP version can be used and, as with all system files, system32 is the logical location to store the file.
