DavidR

Possible False Positive


Over the last couple of weeks I have been having two registry keys detected as Vulnerabilities, now these I believe have been there for some considerable time and I can't see anything obvious in the passing of the launching file parameters. I have continued to ignore them so they are scanned next time a definitions update is released, half expecting the detection to disappear as happened some time ago with a registry detection that I also ignored.

 

I obviously don't want to delete/quarantine registry keys as there is likely to be an impact, not that I run a screen-saver or frequently launch .reg files. The information below mentions to check the Comments: for information on the vulnerability, yet that is blank, so no help there in saying it is a vulnerability.

 

AdAware SE Personal 1.0sr1 - Definitions SE1R172 22.5.2007

 

Name:Windows

Category:Vulnerability

Object Type:RegData

Size:8 Bytes

Location:regfile\shell\open\command "" ("%1" %*)

Last Activity:25-05-2007

Relevance:Low

TAC index:3

Comment:

Description:General Windows Security Issue. Your system security may be compromised. The specifics of the possible compromised item are listed in the comments section.

 

and

 

Name:Windows

Category:Vulnerability

Object Type:RegData

Size:8 Bytes

Location:scrfile\shell\open\command "" ("%1" %*)

Last Activity:25-05-2007

Relevance:Low

TAC index:3

Comment:

Description:General Windows Security Issue. Your system security may be compromised. The specifics of the possible compromised item are listed in the comments section.

 

 

It would be nice if there was an easy way to report possible false positives, either through the right click option on the detection or on the double click more detailed information about the detection.

 

So are these really valid detections and if so exactly what is the vulnerability?


Bump, doesn't anyone read these forums?

 

This condition remains unchanged, and no response for 12 days.


Wish I could help you, DavidR... waiting for a reply to mine too, my friend. Wanna place a bet on whose is answered first? :D


The delay is because you posted in the wrong part of the forum - I will move this thread to the False Positives section, which is monitored by LS staff.

 

Regards,

 

Spike


Hello DavidR,

You have to know that AdAware SE Personal doesn't have all functions running.

This freeware version of the program just cleans your computer from time to time without any vaccine, as is possible with the registered version. The registered version includes the "Ad-Watch" program to prevent infection from coming back into your computer.

Meanwhile, in that case this is not important, because all cookies you find with this version and erase will come back right away as soon as you visit the web site they came from.....

Just perform a scan as often as possible in order to stay as clean as possible.....


Hi ! ;)

 

Thank you for your input.

 

The Windows family just recognizes changes of default Windows settings. Ad-aware just makes it possible for the user to replace back the reg data to the default Windows settings.

 

However, a user can choose to open a .reg file in another editor instead of immediately executing it. I would suggest that you put these data values on the ignore list if you want to keep your current settings.

 

Regards

 

Albin

 

Lavasoft Research


Though it should be noted that these reg entries ARE sometimes modified by malware, and although you can ignore them this time round, if they change to a value that contains an exe file or some other file you do not recognise, and is flagged by Ad-Aware, you should quarantine it, or at least ask in the forums.

 

Some other security applications will modify them themselves, and this is good to remember in case you do a scan with something else, and this results in another Ad-Aware detection. In these cases you can most likely ignore them - but be on your guard.

 

//Steve

Edited by SteveJ
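
The triage SteveJ describes above, written out as an added example that is not part of the original thread or of Ad-Aware. The baseline strings are the commonly documented Windows defaults and are assumptions to confirm against a clean install; the `RECOGNISED` allowlist and all sample values other than the two from the scan report are constructed.

```python
import ntpath
import re

# Assumption: commonly documented Windows defaults for the (Default) value of
# <class>/shell/open/command; confirm against a clean install of your version.
BASELINE = {
    "regfile": 'regedit.exe "%1"',
    "scrfile": '"%1" /S',
}
# Assumption: programs the machine's owner recognises (hypothetical allowlist).
RECOGNISED = {"regedit.exe", "notepad.exe"}
PLACEHOLDER = re.compile(r"^%[1-9*Ll]$")

def program_of(command):
    """Return the first token of a command template, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(None, 1)[0] if command else ""

def classify(file_class, command):
    """Triage one value: default / changed-self / changed-known / review."""
    normalised = " ".join(command.split()).lower()
    if file_class in BASELINE and normalised == BASELINE[file_class].lower():
        return "default"
    program = program_of(command)
    if PLACEHOLDER.match(program):
        return "changed-self"      # differs from default, names no program
    if ntpath.basename(program).lower() in RECOGNISED:
        return "changed-known"     # e.g. .reg files opened in an editor
    return "review"                # unrecognised program in the handler

# Constructed samples; the first two carry the data shown in the scan report.
SAMPLES = [
    ("regfile", '"%1" %*'),
    ("scrfile", '"%1" %*'),
    ("scrfile", '"%1" /S'),
    ("regfile", 'notepad.exe "%1"'),
    ("regfile", r'"C:\Temp\unknown.exe" "%1"'),
]

def triage(samples=SAMPLES):
    return [(cls, cmd, classify(cls, cmd)) for cls, cmd in samples]

if __name__ == "__main__":
    for cls, cmd, verdict in triage():
        print(f"{cls:8} {verdict:14} {cmd}")
```

Only the `review` verdict corresponds to the case SteveJ says to quarantine or ask about; `changed-self` matches the two values reported in this thread.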

> The delay is because you posted in the wrong part of the forum - I will move this thread to the False Positives section, which is monitored by LS staff.
>
> Regards,
>
> Spike

Thanks for moving it, now it is generating some responses.

> Hello DavidR,
>
> You have to know that AdAware SE Personal doesn't have all functions running.
>
> This freeware version of the program just cleans your computer from time to time without any vaccine, as is possible with the registered version. The registered version includes the "Ad-Watch" program to prevent infection from coming back into your computer.

I'm aware of the limitations of the SE Personal version, I have been using AdAware for a few years. The paid for version would I assume also pick this up, but my post is relating to detections and I do feel this is a bad detection. This would seem to be confirmed by the Link SteveJ Posted (topic=883) thanks Steve.

> Hi ! :huh:
>
> Thank you for your input.
>
> The Windows family just recognizes changes of default Windows settings. Ad-aware just makes it possible for the user to replace back the reg data to the default Windows settings.
>
> However, a user can choose to open a .reg file in another editor instead of immediately executing it. I would suggest that you put these data values on the ignore list if you want to keep your current settings.
>
> Regards
>
> Albin
>
> Lavasoft Research

Thanks for the response, and I will certainly add it to the Ignore list, what I couldn't understand was why the scan flagged them in the first place.

 

Description:General Windows Security Issue. Your system security may be compromised. The specifics of the possible compromised item are listed in the comments section.

 

When the comments section was empty, so no explanation why it was considered a security risk and to be placed in the Critical Object when the detection is considered, Relevance:Low and a TAC index:3

 

You say that adaware will make it possible to restore the reg data to the windows default, yet the act of quarantining surely would delete the entry and not restore to windows default.

 

If it is considered OK to ignore, why then wouldn't these entries considered for detection, I know you have said if they deviate from the windows default, but surely the scan can check if that deviation is harmful or a potential risk.

 

Thanks again to all those who took the time to respond.
