topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 6:30 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Sophos and Latest version  (Read 4716 times)

mediaguycouk

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 247
    • View Profile
    • Mediaguy
    • Donate to Member
Sophos and Latest version
« on: June 02, 2009, 04:43 AM »
Mouser,
Latest sophos is reporting that ScreenShot Captor Setup is 'exhibiting suspicious behaviour pattern HIPS/ProcMod-003'

Our place is currently under a big attack so I don't want to turn off my AV to send a sample (You can't upload the file while the AV is running as it thinks it is a virus and won't let you select, catch 22) so I thought you might want to.

(This is the setup file and not the program itself)

Graham

---
Edit - http://www.sophos.co.../hipsprocmod003.html

Isn't that a bit of a harsh pro-active alert? Anything that Internet Explorer downloads and runs! Isn't that everything?
Learning C# - Graham Robinson
« Last Edit: June 02, 2009, 04:45 AM by mediaguycouk »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Sophos and Latest version
« Reply #1 on: June 02, 2009, 05:15 AM »
lol, here we go again with these antiviruses trying to "help" us all by crying wolf over and over again without any rationale.

lanux128

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 6,277
    • View Profile
    • Donate to Member
Re: Sophos and Latest version
« Reply #2 on: June 03, 2009, 06:22 AM »
it may be better to turn off the heuristic scanning. even in the linked page, it's mentioned that:

To reduce the chance of unwanted detections, Sophos HIPS should be set to 'Alert only' mode for the duration of any software installations. For more information, please read the knowledgebase article about deciding whether to allow or block a file.
-website

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Sophos and Latest version
« Reply #3 on: June 03, 2009, 07:21 AM »
never trust antivirus heuristic mod scanning.. they are extremely prone to false positives.