SASJoe

Everything posted by SASJoe

  1. Hi Clark, These detection rules are all what we call 'notify' rules. If a file gets detected by one of these rules then we notify the user by showing the result in the usual 'items found' window, HOWEVER, in order to actually delete these items you need to click the checkbox next to each of these items in the window. If you do not check these, then they are not removed. This is probably what you are experiencing. The reason we have 'notify' rules is because some of our rules are more heuristics based so we like to err on the side of caution, and also because some programs are not really 'malicious' per se but may be unwanted (hence the PUP prefix to the detection rules, it means Potentially Unwanted Program) so we don't want to remove the item automatically, we notify the user and leave that choice up to the user since their PC is not in imminent danger from PUP items. Next time you run a scan and these items come up, make sure to check the checkboxes next to each of these that you wish to be deleted. Have a good day!
  2. Not a problem, happy to hear that this is now corrected. Have a good one!
  3. Hi Shtyra, I am sorry to hear about this, it does indeed sound like a false positive. I was unable to trigger this detection on my own machine, but I did make some changes to the rule in an effort to prevent false detections moving forward. The update just went live, so if you could update your rules and then scan with database version 8270 and then let me know if it is still being detected or not then that would be fantastic. Thanks so much for your help in finding/fixing false positives.
  4. Hi Bfann, The Repairs are certainly still a part of the free version, it has just been moved since we did the big v5 UI redesign. If you look at this screenshot you can see the Repairs button is on the application's main screen, just below the 'Check for Updates' and to the left of the 'Help' button. Have a good one!
  5. Hi DonnyDave, The Whitebox rule is not a false positive - it is a good rule. Sure - it has caused several false positives, but the rule still stands today and kills thousands of different malware samples. It does a whole lot more good than harm. The Babylon infection is not a result of the SAS scan, it is unrelated. We receive over 25,000 new malware samples per day. Neither us, nor any other security vendor, are able to make rules to detect each and every one of those. We use our best judgement to decide on which samples are most important to focus on - and what rules will do the most to help protect our users. I am sorry to hear that you had a malicious program get through your security setup, but unfortunately these things happen. No one company can protect against all existing malware, and this is why we highly recommend that PC users use antivirus in addition to antispyware and in addition to any firewall. This makes it so you are protected by at least 3 companies' worth of definitions. Unfortunately, even with this great setup - some items can still get through. Next time you get infected but SAS is unable to remove, then you can make a CSR ticket at: https://www.superantispyware.com/csr We are more than happy to run a diagnostic on your PC, and then one of our technicians can go through it and attempt to retrieve a copy of the malicious program causing all the trouble. Likewise, we also have a tool called Threat Check (https://www.superantispyware.com/superantispyware_threatcheck.html) -- which can also help submit potentially malicious program information back to us here at SUPERAntiSpyware HQ when our scanner is not detecting anything on your machine but you know that it is infected. Thanks for sharing your situation with us, we do our best to inoculate our users against as many threats per day as possible -- but even so we cannot get every item. With your help next time we can get a copy of that non-detected item so that we can make a rule to protect both you and our other users from it moving forward. Have a good day!
  6. Hi Marko, The only way for us to verify whether or not the file is being falsely detected is for us to receive a copy. To do so, please file a False Positive report by clicking on the 'False Positive' button following a scan (while still on the results screen). This sends us all the relevant info needed to make the judgement, and if it is a FP we will of course fix the rule so that it no longer gets triggered for the non-malicious item. Thanks so much for your help.
  7. Great! Glad the changes fixed the false positive. Thanks for letting us know!
  8. Hi GIS-Guy, Thank you for reporting this. We will need you to use our in-application 'Report as False Positive' button (you see it immediately following a scan on the right side of the results window). This will send us all the vital information for the files so we can verify if it is or isn't a false positive. If it is a False Positive, then we will be able to make sure that we exclude these files moving forward. Thanks so much for your help!
  9. Hi George_L, Thanks for testing this. I tested it out and could not trigger any detections, and after looking through our definition update logs I see that our fix for this false positive actually was implemented in database version 7960. This explains why on version 7959 you were still having the false detection. When you have a chance, please update your definitions once more and test it again please. I am pretty sure we have this fix implemented correctly, so you shouldn't have any more detections. Thanks again for your help!
  10. Hi George_L, Thanks so much for reporting this to us. You are correct, this was a False Positive. We have implemented a fix for this detection as of the most recent definitions update. Please update your definitions, and then you shouldn't have any more problems with that Waterfox file getting detected. Thanks again! We really appreciate your help finding and fixing False Positives!
  11. Sure thing, not a problem. Sorry about the inconvenience to begin with. If you ever have any more detections you believe to be False Positives please feel free to send in another False Positive Report. Have a good one!
  12. Hi Archie, Thank you for reporting this to us. In order to review the file we need you to use our in-application 'Report as False Positive' button (located next to the results window immediately following a scan). This will send us all the vital file info we need so that we can make a ruling, and then exclude the file if it is indeed a false positive. Unless you use this Report button then we will not be able to reproduce the detection or be able to know exactly what file (you say it's modified?) you have there that is causing the detection. Thanks so much Archie, we really appreciate your help reporting False Positives!
  13. Hi Gene1234, Very interesting, thanks for reporting this to us. In order to see if this is a false positive, and then to subsequently exclude these files, following a scan where these items get detected we will need you to use our in-application 'Report as False Positive' button so that we can get all the information about the file we need to make a decision on it. You can see this button on the results page following a scan, before clicking on 'Remove'. Thanks so much - we really appreciate your help finding and fixing False Positives!
  14. Hi Francisco, If you believe this detection to be a False Positive then I urge you to use our in-application 'Report as False Positive' button (you will see it immediately following a scan, while still on the Results screen) to send us all the file information we need to make a decision and to exclude the file moving forward. Thanks so much for your help! Have a good one!
  15. Hi Madeline, Yup, this was indeed a False Positive. As of the most recent update this is now fixed and we no longer will detect that file. Once you update your definitions you shouldn't have any more issues. Thanks so much for your help! Have a good one!
  16. Hi SilkPhoenix, Ezekial is correct, that is not the normal behavior. After you pause or cancel the scan then you should still see the same exact results window and have to click the Remove button to continue, same as you would if the scan were able to complete. Please reinstall if this has happened more than once, because that is definitely atypical and personally I can't say I've seen it before. Have a great day!
  17. Hi Lazer, This sounds like these are Adware.Tracking Cookies being found and not Critical Threats. The way the SAS scanner handles cookies depends on the browser, for Firefox and Chrome cookies we do NOT quarantine -- instead we delete right away -- but with IE cookies then we quarantine like other threats. I hope this helps clear up the confusion. It sounds like your scanner is performing normally in any event. Have a good one!
  18. Hi Madeline, Thanks for reporting this to us. Sounds like it's most likely a false positive. If you could use our in-application 'Report as False Positive' (you see this button right after a scan while looking at the results) then we will be able to get all the file information we will need to fix the detection and stop the scanner from detecting the item moving forward. Thanks so much for your help. Have a good one!