sandybeach Posted May 30, 2011 Running Win XP Home SP2 on HP Laptop. Have had SAS Personal installed from new w/ various newer versions installed. Al versions in the past have always been able to find my multiple copies of EICAR V1 & V2 plus 2 copies (1 zipped) of Misec's Trojan Simulator. Nicely indicated EICAR "not a threat" & listed Troj. Simulator (TSServ) as unknown. This is how I check that my protectors are not corrupt & working properly. Of course I leave check boxes unchecked so they'll be found again on next full scan. Yesterday, I chose to update the SAS program to latest version via updater online rather than to download full version, uninstall older & run SAS un-installer & then start from scratch as I have in the past. ALL active protection was disabled during this process and seemed to install without problem. Next full scan SAS found a pair of notify -disabled but completely MISSED EICAR & TSServ.exe . Can anyone tell me why?? ALSO: Will older versions of SAS (say 4.3x 4.5x) still be able to update using older built in updater after v.5 arrives?? I suspect older OS's won't get on w/ v.5? Thanks for your replies! Sandy Share this post Link to post Share on other sites
nighthawkext Posted May 31, 2011 We changed the rules that detect EICAR and TROJAN SIMULAR from notify to remove. Is it possible that you removed those from your machine on a previous scan? Version 5 will be compatible with all of the same OS and service packs as Version 4. Share this post Link to post Share on other sites
sandybeach Posted June 2, 2011 We changed the rules that detect EICAR and TROJAN SIMULAR from notify to remove. Is it possible that you removed those from your machine on a previous scan? Version 5 will be compatible with all of the same OS and service packs as Version 4. Thanks for your reply, nighthawkext! I have SAS set to "Report Only" in all scan modes as far as I know. That's my standard for scanners in case of False Positives. NOTE: SAS has been VERY GOOD about NOT finding FPs! (Take THAT AVG!!! LOL!) Would that rule change over ride those settings & remove in the background anyway?? Mind you my VIPRE A/V did report (under errors) that some of the EICARS & TS's were "corrupt" in latest scans which had me wondering.... Perhaps I should delete current & download fresh copies. Thanks for re-assurance re new updating & older OS's !! Thanks for your time & wisdom! Sandy Share this post Link to post Share on other sites
nighthawkext Posted June 2, 2011 The only way SAS would detect and remove those files without your input would be if you had real time running in the pro version and ran eicar or trojansim. My guess is that, if they are still on your machine, that they are corrupted somehow. Thanks Don Share this post Link to post Share on other sites
sandybeach Posted June 3, 2011 Thanks For That, Don! Good to Know! Guess I'll check it out further (likely download fresh)!! Keep the Faith!! Sandy Share this post Link to post Share on other sites
SAS Customer Service Posted June 3, 2011 Thanks For That, Don! Good to Know! Guess I'll check it out further (likely download fresh)!! Keep the Faith!! Sandy Great! Please let us know if you have any further questions. Share this post Link to post Share on other sites