DonationCoder.com Software > Screenshot Captor

Sophos and Latest version

(1/1)

mediaguycouk:
Mouser,
Latest sophos is reporting that ScreenShot Captor Setup is 'exhibiting suspicious behaviour pattern HIPS/ProcMod-003'

Our place is currently under a big attack so I don't want to turn off my AV to send a sample (You can't upload the file while the AV is running as it thinks it is a virus and won't let you select, catch 22) so I thought you might want to.

(This is the setup file and not the program itself)

Graham

---
Edit - http://www.sophos.com/security/analyses/suspicious-behavior-and-files/hipsprocmod003.html

Isn't that a bit of a harsh pro-active alert? Anything that Internet Explorer downloads and runs! Isn't that everything?

mouser:
lol, here we go again with these antiviruses trying to "help" us all by crying wolf over and over again without any rationale.

lanux128:
it may be better to turn off the heuristic scanning. even in the linked page, it's mentioned that:

To reduce the chance of unwanted detections, Sophos HIPS should be set to 'Alert only' mode for the duration of any software installations. For more information, please read the knowledgebase article about deciding whether to allow or block a file.-website
--- End quote ---

mouser:
never trust antivirus heuristic mod scanning.. they are extremely prone to false positives.

Navigation

[0] Message Index