Yes, after I posted the email I noticed your comment below. I am getting more data internally.
From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] Sent: Thursday, October 29, 2009 10:52 AM To: NT System Admin Issues Subject: Re: VIPRE DEF 5474 is blue screening computers Alex, This is not entirely correct. My laptop is a HP with English (United States) Version of Windows XP SP3 installed and winlogon.exe was detected as a FP. Eric On Thu, Oct 29, 2009 at 9:45 AM, Alex Eckelberry <al...@sunbelt-software.com> wrote: This definition update was posted at around 10 PM last night and was out for approximately 90 minutes. There was a false positive on a Zbot detection. The detection was pulled as soon as security response discovered the FP, and was replaced with 5475. The issue only affects certain foreign language versions of Windows. We maintain a robust whitelist repository of all versions of Windows in every language. How this detection passed through our false positive testing is still unknown and we are researching the issue. It is obviously a very high priority internally to figure out how and why this happened. Alex From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] Sent: Thursday, October 29, 2009 9:40 AM To: NT System Admin Issues Subject: VIPRE DEF 5474 is blue screening computers Anyone who runs Vipre Enterprise should make sure to update to 5475. 5474 is quarantining winlogon.exe and blue screening computers. Check out http://supportforums.sunbeltsoftware.com/messageview.aspx?catid=27&threa did=1802&enterthread=y plus it has happened to me on one system so far. Sunbelt is working on this as I type this. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
