John

Problem is solved with the new definition. Thank you.

Sorry,I wasn't clear enough in my description above: the problem app is Mmm+ (the paid for version), not Mmm (the free version). As soon as I start the installation, SAS blocks the installer with the message: When I then allow the installer as a trusted program, the install proceeds normally, but then is instantly blocked from running by SAS. The description is as follows: I've posted a copy of the Mmm+ installer here: http://rapidshare.com/files/242358380/mmmplusinstall.rar Thanks.

The latest definition updates from yesterday (06-05-09) (Pro Version) is targeting & deleting the .exe of one of my installed programs that I've used for years. The program is Mmm, a context menu editing tool. Homepage: http://hace-software.com/mmm-plus.shtml FAQ & privacy policy: http://hace-software.com/faq-mmm-plus.shtml I've tried putting Mmm's executable in the "Allowed/Trusted Items" list, I've added the installation folder to the "Excluded Folders" list, and I've tried disabling First Chance Prevention on my XP machines. No matter what I do, SAS immediately deletes the installed exe. The exe doesn't even show in quarantine, it's just totally removed from my machine. I can't use the built-in false positive reporter to send a sample of the file because the executable is deleted from my machine the instant SAS starts running. Yet, when I scan the installer (via the right-click context menu) SAS tells me the file is clean?? Also, uploading the installer to VirusToatal gives it a clean bill of health (with only a couple of "possible" heuristic alerts). This problem only got worse when I tried to experiment with the installer in a Virtual Machine. In a VM, SAS won't even let me run the installer. If I close SAS down, run the installer, then restart SAS, it immediately breaks the program by deleting the installed exe. Here's my 3 questions: 1) Since I've used this program for years without any other security app ever targeting it, I'm suspecting this is a false positive? 2) Why won't SAS listen to me when I try to exclude it from being scanned and/or deleted? 3) Why isn't the targeted exe put in quarantine, instead of being deleted? This has turned into a big mess. Can someone please advise on what I need to do please? I can provide the installer file if necessary. Thank you.

Here's 2 suggestions: 1) Make SAS watch/protect/notify about changes to the HOSTS file...and be able to function with large custom HOSTS files without chocking & freezing with files that have many thousands of entries. 2) Make SAS watch/protect/notify about changes to IE's Trusted Sites list. As unbelievable as it sounds, I've even found "legitimate" installers which silently add a bunch of garbage to this list, without asking or giving any notification. fx....Audigy Sound Blaster drivers loads a bunch of AOL sites to this list when installing the drivers. And that's the best case scenario. Malware silently installing to this list could be "troublesome".