Jump to content


Photo

Heur.Agent/Gen-FakeIE -- FALSE POSITIVE !


  • Please log in to reply
12 replies to this topic

#1 ProTruckDriver

ProTruckDriver

    Advanced Member

  • Members
  • PipPipPip
  • 108 posts
  • LocationVirginia

Posted 29 November 2011 - 01:50 AM

Please check the following update:

Database Version 7994 - 11-28-2011

Heur.Agent/Gen-FakeIE

When running real-time protection, shuts down IE-8. With Alert from SAS.
After full scan with or without real time protection on nothing found.
Cannot open IE with real time on.Get alert
With real-time off, IE-8 works fine.

This just happened when the update came in.


 


#2 skoop

skoop

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 29 November 2011 - 02:11 AM

Also there with update 7995 Nov.28 2011

Unable to access IE 8 with Real Time Protection on.

#3 rogerthehart

rogerthehart

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 29 November 2011 - 02:25 AM

Same here! False positive on legit IE8 process running on Windows 7 32bit.
Database version 7995 trace 5807

#4 Equipped Solutions

Equipped Solutions

    Newbie

  • Members
  • Pip
  • 4 posts
  • LocationGlendale AZ

Posted 29 November 2011 - 02:44 AM

Same here on Win XP Pro SP3 machine. I have update 7995/5807 dated 11/28/2011 on Vista and Win 7 machines on same network as XP problem machine, and they are running IE8 without any problems. (Haven't come to grips with IE9 yet)

Wondering if it truly is a false positive....

#5 Equipped Solutions

Equipped Solutions

    Newbie

  • Members
  • Pip
  • 4 posts
  • LocationGlendale AZ

Posted 29 November 2011 - 03:02 AM

POSSIBLE RESOLUTION

I added the blocked Heur.Agent/Gen-FakeIE to the allow list in SAS - started IE8 and disabled a few of the add-ons in IE - like Google SideBar, Google updater, and a few others that seemed unnecessary. Sorry I can't be more specific, as I wasn't paying real close attention as I was disabling them.

Also, I went to the Advanced tab in IE's Internet Options and clicked "Restore Advanced Settings" and "Reset.." to assure everything is set at default.

Closed IE8, removed the Heur.Agent/Gen-FakeIE from the Allowed/Trusted list in SAS preferences. Assured realtime protection is still enabled in SAS.

Now IE8 opens up fine without any warning or blocking of Heur.Agent/Gen-FakeIE.

Hopefully this will help the others having this issue.

My guess is it's an add-on for IE8 that is either infected or a False Positive.

Just wish I paid closer attention to which ones I disabled. (DOH!)

#6 tng5737

tng5737

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 29 November 2011 - 03:13 AM

Same here just started with last update - I've run scans with MawlwareBytes and MSE with nothing found! I'm using Firefox now.

#7 Ramie

Ramie

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 29 November 2011 - 03:28 AM

I am also getting the same error message. Running Windows XP. IE version 8.0.6001.187002. I am not running any add-ons. I did have a shortcut on the menu bar, which caused the error everytime. When I start via my desktop, I get no error. Wonder if the fact that I was using a copy of a shortcut could have an issue?

#8 Asrial

Asrial

    Member

  • Members
  • PipPip
  • 18 posts

Posted 29 November 2011 - 03:57 AM

Add me to the list. Customer is using XP.

More details to come shortly...

[EDIT: IF my customer's computer is infected.. I can't see anything. I don't even see anything abnormal occurring.]

#9 SAS Customer Service

SAS Customer Service

    Advanced Member

  • Moderators
  • 946 posts

Posted 29 November 2011 - 04:00 AM

I will let the guys know!
Customer Service
SUPERAntiSpyware
www.superantispyware.com

#10 ProTruckDriver

ProTruckDriver

    Advanced Member

  • Members
  • PipPipPip
  • 108 posts
  • LocationVirginia

Posted 29 November 2011 - 04:08 AM

I will let the guys know!


Thank you :)


 


#11 SAS Customer Service

SAS Customer Service

    Advanced Member

  • Moderators
  • 946 posts

Posted 29 November 2011 - 04:46 AM

Update your definitions, should be fixed now!
Customer Service
SUPERAntiSpyware
www.superantispyware.com

#12 ProTruckDriver

ProTruckDriver

    Advanced Member

  • Members
  • PipPipPip
  • 108 posts
  • LocationVirginia

Posted 29 November 2011 - 05:21 AM

It's fixed, Thank you. :)


 


#13 Asrial

Asrial

    Member

  • Members
  • PipPip
  • 18 posts

Posted 29 November 2011 - 05:43 AM

I updated my customer. If you don't hear back from me, that means my situation is also solved :)

Thanks for the quick action!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users