The latest definition updates from yesterday (06-05-09) (Pro Version) is targeting & deleting the .exe of one of my installed programs that I've used for years. The program is Mmm, a context menu editing tool.
Homepage:
http://hace-software.com/mmm-plus.shtml
FAQ & privacy policy:
http://hace-software.com/faq-mmm-plus.shtml
I've tried putting Mmm's executable in the "Allowed/Trusted Items" list, I've added the installation folder to the "Excluded Folders" list, and I've tried disabling First Chance Prevention on my XP machines. No matter what I do, SAS immediately deletes the installed exe. The exe doesn't even show in quarantine, it's just totally removed from my machine.
I can't use the built-in false positive reporter to send a sample of the file because the executable is deleted from my machine the instant SAS starts running. Yet, when I scan the installer (via the right-click context menu) SAS tells me the file is clean?? Also, uploading the installer to VirusToatal gives it a clean bill of health (with only a couple of "possible" heuristic alerts).
This problem only got worse when I tried to experiment with the installer in a Virtual Machine. In a VM, SAS won't even let me run the installer. If I close SAS down, run the installer, then restart SAS, it immediately breaks the program by deleting the installed exe.
Here's my 3 questions:
1) Since I've used this program for years without any other security app ever targeting it, I'm suspecting this is a false positive?
2) Why won't SAS listen to me when I try to exclude it from being scanned and/or deleted?
3) Why isn't the targeted exe put in quarantine, instead of being deleted?
This has turned into a big mess. Can someone please advise on what I need to do please? I can provide the installer file if necessary. Thank you.