What is watchdriversigningpolicy.exe? It looks to be something that tells unattended Windows installs to bypass checking of non-WHQL drivers. If that's so, then you might just have to whitelist it.
I'm not sure it's related, but I've had a few goofy false positives over the last few days after having none for months.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Tuesday, October 27, 2009 8:42 AM
To: NT System Admin Issues
Subject: Re: Need to add an exception for VIPRE...

Me three.

On Tue, Oct 27, 2009 at 8:37 AM, Sherry Abercrombie <saber...@gmail.com> wrote:

+2

On Tue, Oct 27, 2009 at 7:34 AM, Eric Wittersheim <eric.wittersh...@gmail.com> wrote:

+1

On Tue, Oct 27, 2009 at 7:21 AM, N Parr <npar...@mortonind.com> wrote:

Updated with what. Running ThreatDB 5470 here and not seeing anything.

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, October 26, 2009 10:41 PM
To: NT System Admin Issues
Subject: Need to add an exception for VIPRE...

Looks like a Microsoft update is causing a small bit of pain. I'm getting tons of these warnings from VIPRE on workstations that were just updated...

Output:

Machine: IT-TEST
Scan Date: 10/26/2009 8:07 PM
Software Version: 3.1.2837
ThreatDB Version: 5468
Policy: Default
-----------------
Threat: BehavesLike.Win32.Malware (v)
Category: Trojan
Severity: High Risk
Action: Quarantined
Traces Found:
File: C:\Drivers\WatchDriverSigningPolicy.exe
-----------------

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

--
Sherry Abercrombie
"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke