I am currently on 9903 & the below indicated file is not being detected. (xl8galry.xls)
If that does not resolve it - please upload a sample to the falsepositive site below. Regards, Tammy _____ From: John Leto [mailto:[email protected]] Sent: Tuesday, July 19, 2011 9:39 AM To: NT System Admin Issues Subject: RE: Vipre- possible false positive DAT?? We have a machine with 9900 and it still has the issue, I do not belive this has been resolved. From: Tammy Stewart [mailto:[email protected]] Sent: Tuesday, July 19, 2011 8:32 AM To: NT System Admin Issues Subject: RE: Vipre- possible false positive DAT?? For anyone seeing this false positive & not yet reported it to our site/support - Please make sure you have definition 9900 or higher which should be correcting the issue. If still seeing files detected (falsely) the below site can be used to upload samples. If assistance is needed to restore files, etc from quarantine a support ticket can be filled out here: Support request page: www.gfi.com/supportform Regards, Tammy _____ From: Tammy Stewart [mailto:[email protected]] Sent: Tuesday, July 19, 2011 9:10 AM To: NT System Admin Issues Subject: RE: Vipre- possible false positive DAT?? Good morning everyone, I see a couple samples that have been sent in to our f/p report site so looks like they are aware. If someone wants to submit a suspect f/p file - here is where you can upload it to: http://www.sunbeltsecurity.com/falsepositive/ Regards, Tammy _____ From: David Mazzaccaro [mailto:[email protected]] Sent: Tuesday, July 19, 2011 9:01 AM To: NT System Admin Issues Subject: RE: Vipre- possible false positive DAT?? Is Sunbelt (GFI) aware of this? Nothing on their website yet. From: Mike Wiebke [mailto:[email protected]] Sent: Tuesday, July 19, 2011 8:52 AM To: NT System Admin Issues Subject: Re: Vipre- possible false positive DAT?? I'm seeing the same with threatdb version 9897 - 9900 _____ From: N Parr <[email protected]> To: NT System Admin Issues <[email protected]> Sent: Tue, July 19, 2011 7:07:22 AM Subject: RE: Vipre- possible false positive DAT?? ditto _____ From: John Leto [mailto:[email protected]] Sent: Tuesday, July 19, 2011 6:43 AM To: NT System Admin Issues Subject: Vipre- possible false positive DAT?? This morning I came in and noticed that Vipre had flagged several machines in my organization with a possible virus, all for the same Excel gallery file which I've listed below. Is this a possible false positive from Vipre?? It just seems strange that I'd have so many machines at the very same time with the very same infected file. Threat: Exploit.Excel.CVE-2011-1278 (v) Category: Exploit Severity: High Risk Traces Found: File: C:\Program Files\Microsoft Office\OFFICE11\1033\XL8GALRY.XLS File: C:\Windows\Installer\$PatchCache$\Managed\9040210900063D11C8EF10054038389C\1 1.0.5614\XL9GALRY.XLS_1033 John Leto Network Engineer Colonial Savings, F.A. 817-877-9578 [email protected] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
