Heur.Agent/Gen-FakeIE -- FALSE POSITIVE !
Posted 29 November 2011 - 01:50 AM
Database Version 7994 - 11-28-2011
When running real-time protection, shuts down IE-8. With Alert from SAS.
After full scan with or without real time protection on nothing found.
Cannot open IE with real time on.Get alert
With real-time off, IE-8 works fine.
This just happened when the update came in.
Posted 29 November 2011 - 02:11 AM
Unable to access IE 8 with Real Time Protection on.
Posted 29 November 2011 - 02:25 AM
Database version 7995 trace 5807
Posted 29 November 2011 - 02:44 AM
Wondering if it truly is a false positive....
Posted 29 November 2011 - 03:02 AM
I added the blocked Heur.Agent/Gen-FakeIE to the allow list in SAS - started IE8 and disabled a few of the add-ons in IE - like Google SideBar, Google updater, and a few others that seemed unnecessary. Sorry I can't be more specific, as I wasn't paying real close attention as I was disabling them.
Also, I went to the Advanced tab in IE's Internet Options and clicked "Restore Advanced Settings" and "Reset.." to assure everything is set at default.
Closed IE8, removed the Heur.Agent/Gen-FakeIE from the Allowed/Trusted list in SAS preferences. Assured realtime protection is still enabled in SAS.
Now IE8 opens up fine without any warning or blocking of Heur.Agent/Gen-FakeIE.
Hopefully this will help the others having this issue.
My guess is it's an add-on for IE8 that is either infected or a False Positive.
Just wish I paid closer attention to which ones I disabled. (DOH!)
Posted 29 November 2011 - 03:13 AM
Posted 29 November 2011 - 03:28 AM
Posted 29 November 2011 - 03:57 AM
More details to come shortly...
[EDIT: IF my customer's computer is infected.. I can't see anything. I don't even see anything abnormal occurring.]
Posted 29 November 2011 - 04:00 AM
Posted 29 November 2011 - 04:46 AM
Posted 29 November 2011 - 05:43 AM
Thanks for the quick action!
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users