RE: False-positives on Vipre this morning

2010-03-26 Thread Stu Sjouwerman
Excellent !!

Warm regards,


Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  


-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Friday, March 26, 2010 1:39 PM
To: NT System Admin Issues
Subject: Re: False-positives on Vipre this morning

ASF:
> * FPs on half a dozen files in hidden directory
> C:\hp\recovery\wizard\fsadmin\ 
> on one XP Home machine that still sits on my network.  Submitted them to 
> Sunbelt after dealing with Rimecud.  No answer yet, but it was after 9 PM 
> Florida time when I submitted them.

On 26 Mar 2010 at 12:14, Stu Sjouwerman  wrote:

> Joe Frederick here at Sunbelt is takes with handling FP's when they come
> up.
> 
> You can report these directly to him. He's cc-d.

Thanks, Stu.  I already had, I think via the web form, and he got back to me 
this morning confirming their FP-ness.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~




Re: False-positives on Vipre this morning

2010-03-26 Thread Angus Scott-Fleming
ASF:
> * FPs on half a dozen files in hidden directory
> C:\hp\recovery\wizard\fsadmin\ 
> on one XP Home machine that still sits on my network.  Submitted them to 
> Sunbelt after dealing with Rimecud.  No answer yet, but it was after 9 PM 
> Florida time when I submitted them.

On 26 Mar 2010 at 12:14, Stu Sjouwerman  wrote:

> Joe Frederick here at Sunbelt is takes with handling FP's when they come
> up.
> 
> You can report these directly to him. He's cc-d.

Thanks, Stu.  I already had, I think via the web form, and he got back to me 
this morning confirming their FP-ness.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/







RE: False-positives on Vipre this morning

2010-03-26 Thread Stu Sjouwerman
Darn spelling correction!  :-)   "is tasked with" 

Warm regards,


Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  


-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Friday, March 26, 2010 12:15 PM
To: NT System Admin Issues
Cc: Joe Frederick
Subject: RE: False-positives on Vipre this morning

Joe Frederick here at Sunbelt is takes with handling FP's when they come up.

You can report these directly to him. He's cc-d.

Warm regards,

Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  


-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Friday, March 26, 2010 1:01 AM
To: NT System Admin Issues
Subject: Re: False-positives on Vipre this morning

On 25 Mar 2010 at 22:57, Burian, Matthew J. (mjb)  wrote:

> That one file you saw in the recycle bin sounds very similar in name
> to the Microsoft Antimalware process of "MsMpEng.exe" used in OneCare
> and now used in Security Essentials. (Also may be used with Windows
> Defender??)
> 
> Just an interesting, though probably unrelated similarity in file naming.

Probably an intentional mis-naming by the malware.  Actually it turned out to 
be a true nasty trojan, not an FP (although I had those today also*).  Info 
pages here:

W32/IRCbot.gen.aj
http://vil.nai.com/vil/content/v_252087.htm

W32/Rimecud
http://vil.nai.com/vil/content/v_237984.htm

My infections had the filename of the first of those but the exact file-
location and registry-keys of the second.  VIPRE identified them as 
"Worm.Win32.Rimecud" [where DO they get these names???] and the VIPRE info page 
(doesn't say anything useful, unfortunately) is here:
http://www.sunbeltsecurity.com/ThreatDisplay.aspx?name=Worm.Win32.Rimecud&tid=4268277&cs=50289929C7DB40A0D03710195D3B1B1C
or here if the above wraps unusably: http://preview.tinyurl.com/ydtnjw6

I had three machines where the VIPRE "Deep Scan" found this.  I need to make 
sure I get Deep Scans on the rest of the network RSN as this spreads via 
network shares among other methods.

Angus

* FPs on half a dozen files in hidden directory C:\hp\recovery\wizard\fsadmin\ 
on one XP Home machine that still sits on my network.  Submitted them to 
Sunbelt after dealing with Rimecud.  No answer yet, but it was after 9 PM 
Florida time when I submitted them.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/








RE: False-positives on Vipre this morning

2010-03-26 Thread Stu Sjouwerman
Joe Frederick here at Sunbelt is takes with handling FP's when they come up.

You can report these directly to him. He's cc-d.

Warm regards,

Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  


-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Friday, March 26, 2010 1:01 AM
To: NT System Admin Issues
Subject: Re: False-positives on Vipre this morning

On 25 Mar 2010 at 22:57, Burian, Matthew J. (mjb)  wrote:

> That one file you saw in the recycle bin sounds very similar in name
> to the Microsoft Antimalware process of "MsMpEng.exe" used in OneCare
> and now used in Security Essentials. (Also may be used with Windows
> Defender??)
> 
> Just an interesting, though probably unrelated similarity in file naming.

Probably an intentional mis-naming by the malware.  Actually it turned out to 
be a true nasty trojan, not an FP (although I had those today also*).  Info 
pages here:

W32/IRCbot.gen.aj
http://vil.nai.com/vil/content/v_252087.htm

W32/Rimecud
http://vil.nai.com/vil/content/v_237984.htm

My infections had the filename of the first of those but the exact file-
location and registry-keys of the second.  VIPRE identified them as 
"Worm.Win32.Rimecud" [where DO they get these names???] and the VIPRE info page 
(doesn't say anything useful, unfortunately) is here:
http://www.sunbeltsecurity.com/ThreatDisplay.aspx?name=Worm.Win32.Rimecud&tid=4268277&cs=50289929C7DB40A0D03710195D3B1B1C
or here if the above wraps unusably: http://preview.tinyurl.com/ydtnjw6

I had three machines where the VIPRE "Deep Scan" found this.  I need to make 
sure I get Deep Scans on the rest of the network RSN as this spreads via 
network shares among other methods.

Angus

* FPs on half a dozen files in hidden directory C:\hp\recovery\wizard\fsadmin\ 
on one XP Home machine that still sits on my network.  Submitted them to 
Sunbelt after dealing with Rimecud.  No answer yet, but it was after 9 PM 
Florida time when I submitted them.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/








Re: False-positives on Vipre this morning

2010-03-25 Thread Angus Scott-Fleming
On 25 Mar 2010 at 22:57, Burian, Matthew J. (mjb)  wrote:

> That one file you saw in the recycle bin sounds very similar in name
> to the Microsoft Antimalware process of "MsMpEng.exe" used in OneCare
> and now used in Security Essentials. (Also may be used with Windows
> Defender??)
> 
> Just an interesting, though probably unrelated similarity in file naming.

Probably an intentional mis-naming by the malware.  Actually it turned out to 
be a true nasty trojan, not an FP (although I had those today also*).  Info 
pages here:

W32/IRCbot.gen.aj
http://vil.nai.com/vil/content/v_252087.htm

W32/Rimecud
http://vil.nai.com/vil/content/v_237984.htm

My infections had the filename of the first of those but the exact file-
location and registry-keys of the second.  VIPRE identified them as 
"Worm.Win32.Rimecud" [where DO they get these names???] and the VIPRE info page 
(doesn't say anything useful, unfortunately) is here:
http://www.sunbeltsecurity.com/ThreatDisplay.aspx?name=Worm.Win32.Rimecud&tid=4268277&cs=50289929C7DB40A0D03710195D3B1B1C
or here if the above wraps unusably: http://preview.tinyurl.com/ydtnjw6

I had three machines where the VIPRE "Deep Scan" found this.  I need to make 
sure I get Deep Scans on the rest of the network RSN as this spreads via 
network shares among other methods.

Angus

* FPs on half a dozen files in hidden directory C:\hp\recovery\wizard\fsadmin\ 
on one XP Home machine that still sits on my network.  Submitted them to 
Sunbelt after dealing with Rimecud.  No answer yet, but it was after 9 PM 
Florida time when I submitted them.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/







Re: False-positives on Vipre this morning

2010-03-25 Thread Burian, Matthew J. (mjb)
That one file you saw in the recycle bin sounds very similar in name
to the Microsoft Antimalware process of "MsMpEng.exe" used in OneCare
and now used in Security Essentials. (Also may be used with Windows
Defender??)

Just an interesting, though probably unrelated similarity in file naming.

Matt


On Thu, Mar 25, 2010 at 2:20 PM, Angus Scott-Fleming
 wrote:

> I saw 4 or 5 machines on a 40 machine network with new warnings in the console
> when I checked remotely this morning.  I quickly previewed them; ISTR three
> machines had identical new detections in their Recycle Bins; the file was
> called something like Mx??Eng.exe.  ISTR one, an HP, had a bunch of hits in its
> Recovery Partition.  I haven't had a chance to get to the office yet to submit
> them to VirusTotal and then to falsepositi...@sunbeltsoftware.com ...
>
> Angus
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> Security Blog: http://geoapps.com/



Re: False-positives on Vipre this morning

2010-03-25 Thread Angus Scott-Fleming
On 25 Mar 2010 at 8:33, John Aldrich  wrote:

> 
> Still on the old version of Vipre Enterprise (waiting for more bugs to be
> squished. :) ) This morning I got a warning about some stuff on HP computers.
> I'm pretty sure it's going to be a false positive, but I thought I'd ask if
> anyone else is having problems with stuff under
> c:\hp\recovery\wizard\fscommand

I saw 4 or 5 machines on a 40 machine network with new warnings in the console 
when I checked remotely this morning.  I quickly previewed them; ISTR three 
machines had identical new detections in their Recycle Bins; the file was 
called something like Mx??Eng.exe.  ISTR one, an HP, had a bunch of hits in its 
Recovery Partition.  I haven't had a chance to get to the office yet to submit 
them to VirusTotal and then to falsepositi...@sunbeltsoftware.com ...  

Angus

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/








RE: False-positives on Vipre this morning

2010-03-25 Thread Alex Eckelberry
Noted.

From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com]
Sent: Thursday, March 25, 2010 12:38 PM
To: NT System Admin Issues
Subject: Re: False-positives on Vipre this morning

+1
On Thu, Mar 25, 2010 at 11:35 AM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:
Thanks, Alex. It would be nice to know if they are true F/Ps or are actual 
threats.


From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, March 25, 2010 12:33 PM
To: NT System Admin Issues
Subject: RE: False-positives on Vipre this morning

Those reports that you submit from the console do get read and acted upon.

I will check into this report.


Alex


From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Thursday, March 25, 2010 9:17 AM
To: NT System Admin Issues
Subject: RE: False-positives on Vipre this morning

Interesting. I posted on the Sunbelt forum as well, so maybe I'll hear 
something back. I don't recall ever hearing anything back from Sunbelt if I 
just submit the suspected false-positives to Sunbelt from the console.


From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Thursday, March 25, 2010 9:10 AM
To: NT System Admin Issues
Subject: Re: False-positives on Vipre this morning


All our dellephants are working fine this morning.  HOWEVER, 16 of these 
workstations were built with a DVD our help desk person made (slipstreamed 
w/SP3 and MS patches to date).  It seems some OEM drivers, most of which are in 
the .\i386 folder, are being flagged.  To date, we've had two NVidia and one 
Creative Labs driver set off alarms.  (For some reason, VIPRE sends me two 
notices for each alarm.  It's just So Much Fun to wake up and see 32 VIPRE 
events!
--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

richardmccl...@aspca.org

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org


The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


"John Aldrich" <jaldr...@blueridgecarpet.com> wrote on 03/25/2010 07:33:49 AM:

> Still on the old version of Vipre Enterprise (waiting for more bugs
> to be squished. :) ) This morning I got a warning about some stuff on
> HP computers. I'm pretty sure it's going to be a false positive, but
> I thought I'd ask if anyone else is having problems with stuff under
> c:\hp\recovery\wizard\fscommand

Re: False-positives on Vipre this morning

2010-03-25 Thread Eric Wittersheim
+1

On Thu, Mar 25, 2010 at 11:35 AM, John Aldrich  wrote:

>  Thanks, Alex. It would be nice to know if they are true F/Ps or are
> actual threats.
>
> *From:* Alex Eckelberry [mailto:al...@sunbelt-software.com]
> *Sent:* Thursday, March 25, 2010 12:33 PM
> *To:* NT System Admin Issues
> *Subject:* RE: False-positives on Vipre this morning
>
>
>
> Those reports that you submit from the console do get read and acted upon.
>
>
>
> I will check into this report.
>
> Alex
>
> *From:* John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> *Sent:* Thursday, March 25, 2010 9:17 AM
> *To:* NT System Admin Issues
> *Subject:* RE: False-positives on Vipre this morning
>
>
>
> Interesting. I posted on the Sunbelt forum as well, so maybe I’ll hear
> something back. I don’t recall ever hearing anything back from Sunbelt if I
> just submit the suspected false-positives to Sunbelt from the console.
>
> *From:* richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
> *Sent:* Thursday, March 25, 2010 9:10 AM
> *To:* NT System Admin Issues
> *Subject:* Re: False-positives on Vipre this morning
>
>
>
>
> All our dellephants are working fine this morning.  HOWEVER, 16 of these
> workstations were built with a DVD our help desk person made (slipstreamed
> w/SP3 and MS patches to date).  It seems some OEM drivers, most of which are
> in the .\i386 folder, are being flagged.  To date, we've had two NVidia and
> one Creative Labs driver set off alarms.  (For some reason, VIPRE sends me
> two notices for each alarm.  It's just So Much Fun to wake up and see 32
> VIPRE events!
> --
> Richard D. McClary
> Systems Administrator, Information Technology Group
> *ASPCA®*
> 1717 S. Philo Rd, Ste 36
> Urbana, IL  61802
>
> richardmccl...@aspca.org
>
> P: 217-337-9761
> C: 217-417-1182
> F: 217-337-9761
> www.aspca.org
>
>
> "John Aldrich"  wrote on 03/25/2010 07:33:49
> AM:
>
> > Still on the old version of Vipre Enterprise (waiting for more bugs
> > to be squished. :) ) This morning I got a warning about some stuff on
> > HP computers. I’m pretty sure it’s going to be a false positive, but
> > I thought I’d ask if anyone else is having problems with stuff under
> > c:\hp\recovery\wizard\fscommand….

RE: False-positives on Vipre this morning

2010-03-25 Thread John Aldrich
Thanks, Alex. It would be nice to know if they are true F/Ps or are actual
threats.

 


 

From: Alex Eckelberry [mailto:al...@sunbelt-software.com] 
Sent: Thursday, March 25, 2010 12:33 PM
To: NT System Admin Issues
Subject: RE: False-positives on Vipre this morning

 

Those reports that you submit from the console do get read and acted upon.

 

I will check into this report.

 

 

Alex

 

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Thursday, March 25, 2010 9:17 AM
To: NT System Admin Issues
Subject: RE: False-positives on Vipre this morning

 

Interesting. I posted on the Sunbelt forum as well, so maybe I'll hear
something back. I don't recall ever hearing anything back from Sunbelt if I
just submit the suspected false-positives to Sunbelt from the console.

 


 

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Thursday, March 25, 2010 9:10 AM
To: NT System Admin Issues
Subject: Re: False-positives on Vipre this morning

 


All our dellephants are working fine this morning.  HOWEVER, 16 of these
workstations were built with a DVD our help desk person made (slipstreamed
w/SP3 and MS patches to date).  It seems some OEM drivers, most of which are
in the .\i386 folder, are being flagged.  To date, we've had two NVidia and
one Creative Labs driver set off alarms.  (For some reason, VIPRE sends me
two notices for each alarm.  It's just So Much Fun to wake up and see 32
VIPRE events!
-- 
Richard D. McClary 
Systems Administrator, Information Technology Group 
ASPCA®
1717 S. Philo Rd, Ste 36 
Urbana, IL  61802 
  
richardmccl...@aspca.org 
  
P: 217-337-9761 
C: 217-417-1182 
F: 217-337-9761 
 <http://www.aspca.org/> www.aspca.org 
  

  

"John Aldrich"  wrote on 03/25/2010 07:33:49
AM:

> Still on the old version of Vipre Enterprise (waiting for more bugs 
> to be squished. :) ) This morning I got a warning about some stuff on
> HP computers. I'm pretty sure it's going to be a false positive, but
> I thought I'd ask if anyone else is having problems with stuff under
> c:\hp\recovery\wizard\fscommand.. 

RE: False-positives on Vipre this morning

2010-03-25 Thread Alex Eckelberry
Those reports that you submit from the console do get read and acted upon.

I will check into this report.


Alex


From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Thursday, March 25, 2010 9:17 AM
To: NT System Admin Issues
Subject: RE: False-positives on Vipre this morning

Interesting. I posted on the Sunbelt forum as well, so maybe I'll hear 
something back. I don't recall ever hearing anything back from Sunbelt if I 
just submit the suspected false-positives to Sunbelt from the console.


From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Thursday, March 25, 2010 9:10 AM
To: NT System Admin Issues
Subject: Re: False-positives on Vipre this morning


All our dellephants are working fine this morning.  HOWEVER, 16 of these 
workstations were built with a DVD our help desk person made (slipstreamed 
w/SP3 and MS patches to date).  It seems some OEM drivers, most of which are in 
the .\i386 folder, are being flagged.  To date, we've had two NVidia and one 
Creative Labs driver set off alarms.  (For some reason, VIPRE sends me two 
notices for each alarm.  It's just So Much Fun to wake up and see 32 VIPRE 
events!
--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

richardmccl...@aspca.org

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org




"John Aldrich"  wrote on 03/25/2010 07:33:49 AM:

> Still on the old version of Vipre Enterprise (waiting for more bugs
> to be squished. :) ) This morning I got a warning about some stuff on
> HP computers. I'm pretty sure it's going to be a false positive, but
> I thought I'd ask if anyone else is having problems with stuff under
> c:\hp\recovery\wizard\fscommand

RE: False-positives on Vipre this morning

2010-03-25 Thread John Aldrich
Interesting. I posted on the Sunbelt forum as well, so maybe I'll hear
something back. I don't recall ever hearing anything back from Sunbelt if I
just submit the suspected false-positives to Sunbelt from the console.

 


 

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Thursday, March 25, 2010 9:10 AM
To: NT System Admin Issues
Subject: Re: False-positives on Vipre this morning

 


All our dellephants are working fine this morning.  HOWEVER, 16 of these
workstations were built with a DVD our help desk person made (slipstreamed
w/SP3 and MS patches to date).  It seems some OEM drivers, most of which are
in the .\i386 folder, are being flagged.  To date, we've had two NVidia and
one Creative Labs driver set off alarms.  (For some reason, VIPRE sends me
two notices for each alarm.  It's just So Much Fun to wake up and see 32
VIPRE events!
-- 
Richard D. McClary 
Systems Administrator, Information Technology Group 
ASPCA®
1717 S. Philo Rd, Ste 36 
Urbana, IL  61802 
  
richardmccl...@aspca.org 
  
P: 217-337-9761 
C: 217-417-1182 
F: 217-337-9761 
 <http://www.aspca.org/> www.aspca.org 
  

  

"John Aldrich"  wrote on 03/25/2010 07:33:49
AM:

> Still on the old version of Vipre Enterprise (waiting for more bugs 
> to be squished. :) ) This morning I got a warning about some stuff on
> HP computers. I'm pretty sure it's going to be a false positive, but
> I thought I'd ask if anyone else is having problems with stuff under
> c:\hp\recovery\wizard\fscommand.. 

Re: False-positives on Vipre this morning

2010-03-25 Thread RichardMcClary
All our dellephants are working fine this morning.  HOWEVER, 16 of these 
workstations were built with a DVD our help desk person made (slipstreamed 
w/SP3 and MS patches to date).  It seems some OEM drivers, most of which 
are in the .\i386 folder, are being flagged.  To date, we've had two 
NVidia and one Creative Labs driver set off alarms.  (For some reason, 
VIPRE sends me two notices for each alarm.  It's just So Much Fun to wake 
up and see 32 VIPRE events!
--
Richard D. McClary
Systems Administrator, Information Technology Group 
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL  61802
 
richardmccl...@aspca.org
 
P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org
 
 

"John Aldrich"  wrote on 03/25/2010 07:33:49 
AM:

> Still on the old version of Vipre Enterprise (waiting for more bugs
> to be squished. :) ) This morning I got a warning about some stuff on
> HP computers. I'm pretty sure it's going to be a false positive, but
> I thought I'd ask if anyone else is having problems with stuff under
> c:\hp\recovery\wizard\fscommand….