BoazBoaz

"Skipped items:" list

My "Skipped items" list hasn't changed from the first time I used the tool till today.

Every time I run the tool I send the "Skipped items" to be verified with the ThreatWork submission tool.

I was expecting that some of the elements in the list would change their status from "Skipped items" to "OK" or "NOT OK", but not even one changed.

Why???

Skipped items:
Description: C:\WINDOWS\catchme.exe Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\erdnt\subs\ERDNT.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\system32\ALZALZ.BIN Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\system32\ALZZip.BIN Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\system32\avisynth.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\system32\cdeject.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\system32\CmdLineExt03.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\system32\DivX.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\system32\RGSS100J.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\system32\RGSS102E.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\system32\RGSS102J.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
Description: C:\WINDOWS\system32\swreg.exe Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0

I expect that it takes a while for them to check them out.

Patience :D

Yes, but not even one (of 13)???

 

Boaz

Edited by BoazBoaz


AFAIK threatwork is primarily used to add new heuristic detections to the definitions file and tweak the heuristics, not to remove detections from the heuristics (this is not how heuristics work).

Don't quote me on this though.

Also, it only sends ones not previously sent to LS (it does this by generating an md5 of the file and querying whether the LS servers already have a file with that md5).

To permanently ignore them, please select "add to ignore" from the drop-down menu of actions.


Still waiting...

Not even one of the 13 elements in the "Skipped items" list has changed its status in more than a month.

Doesn't seem reasonable to me...

Am I the only one???

 

Boaz.


version: 8.0.3 update on the issue:

In the new version the tool claims that NO items are Skipped:

Type			  Detected
==========================
Processes.......:		0
Registry entries:		0
Hostfile entries:		0
Files...........:		0
Folders.........:		0
LSPs............:		0
Cookies.........:		0
Browser hijacks.:		0
MRU objects.....:		0

But the threatwork still sends the 13 elements found in the previous version!!!

Well... Not showing me the "Skipped items" that were found in the previous tool version but still sending them

does NOT solve this issue!!!
