Jump to content
Sign in to follow this  
shtyra

Heur.Agent/Gen-FakeFlash.process

Recommended Posts

Hi all! I've been trying to download an update for Adobe Flash player for windows xp/firefox from www.get.adobe.com and twice now SAS Professional - real-time protection identifies the installation file (install_flashplayer10x32_mssd_aih.exe) as a Heur.Agent/Gen-FakeFlash.Process and removes the file. I believe this to be a false positive. Any advice is appreciated.

Thanks!

ETA: I attached the file in question, but it is not appearing. If you need it, just ask. I'll try to upload again..

Edited by shtyra

Share this post


Link to post
Share on other sites

Hi Shtyra,

I am sorry to hear about this, it does indeed sound like a false positive. I was unable to trigger this detection on my own machine, but I did make some changes to the rule in an effort to prevent false detections moving forward. The update just went live, so if you could update your rules and then scan with database version 8270 and then let me know if it is still being detected or not then that would be fantastic.

Thanks so much for your help in finding/fixing false positives.

Share this post


Link to post
Share on other sites

Thanks for the info SASJoe. I'm currently running another scan with MWB, but as soon as it is finished I will update SAS and scan, then report back the results.

Thanks again!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...