Norton/Symantec reports Spybot inoculations as "Adware.SystemProcess"



jordinyc
2007-11-14, 01:16
I SWEAR this is related! I know this isn't a Symantec board but hear me out! This is ON TOPIC!

About a day or two ago, computers on my network started reporting that Symantec AntiVirus (Corporate edition 10.1) found and deleted "Adware.SystemProcess (http://www.symantec.com/security_response/writeup.jsp?docid=2005-082613-0612-99)". Symantec runs a quickscan on bootup, so that's fine that it caught that. But then it started happening at every boot up on more and more PCs.

When I looked at the logs in Symantec AV, it said that "Adware.SystemProcess" was basically just a bunch of registry entries (keys most likely). All the users under HKEY_USERS had the following entries under Software\microsoft\Windows\Current Version\Internet Settings\P3P\History\:


bfast.com
commission-junction.com
fastclick.com
fastclick.net
linksynergy.com ... and sometimes
qksrv.net


Neither Symantec nor Spybot detected anything else except maybe some cookies.

Then after some googling I find this:

http://answers.yahoo.com/question/index?qid=20071110224557AAh1WXb

Basically, someone pointed out in question form that Symantec is reporting these particular inoculations as false positives for adware, and an answerer elaborated perfectly, but neither had a resolution.

And then I start finding other forums (http://www.dslreports.com/forum/r19423549-Norton-and-SpywareBlaster-updates-causing-FP-likely) referring back to this URL when I google Adware.SystemProcess Symantec and either Spybot or Spywareblaster.

So do I sit and wait for Symantec to fix their mistake and send an update that stops the reporting of inoculations as adware? Or do I wait for the anti-malware apps to send an update that makes changes in how those particular inoculations are made?

Or does everyone who has Spybot, Spywareblaster, AND Symantec have to, from now on, add specific "ignore" entries whenever this problem arises? If so, should we/they put the ignores in the anti-malware or in the anti-virus software?

Thanks for your time everyone.

Yodama
2007-11-14, 08:12
Hi,

this appears to be a false positive on Symantec's part.

HKEY_CURRENT_USER\Software\microsoft\Windows\Current Version\Internet Settings\P3P\History\<domain>

This stores IE's behavior towards the domains listed under the key path shown above. A data value of '5' means that cookies from that site are blocked, while a data value of '1' would allow all cookies.

With Spybot S&D's cookie Immunization, the data for the sites listed above is set to '5' --> blocked.

It appears that Symantec detects those ad/tracking sites entered but does not check the data, thus producing the false positives.
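
The difference described in the reply above, as an added example that is not part of the original thread and not Symantec's or Spybot's code: a scanner that only looks for the domain keys flags immunized hosts, while one that reads the data does not. It assumes a regedit-export text format, that the action is the key's default DWORD value, and the `CurrentVersion` spelling of the path; the sample entries and function names are constructed for illustration.

```python
import re

P3P_HISTORY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History"
BLOCK, ALLOW = 5, 1  # data values as described in the reply above
WATCHLIST = {"bfast.com", "commission-junction.com", "fastclick.com",
             "fastclick.net", "linksynergy.com", "qksrv.net"}
KEY_RE = re.compile(r"^\[(.+)\]$")

def sample_key(domain):
    """Hypothetical helper: build one key header for the constructed sample."""
    return "[HKEY_CURRENT_USER\\" + P3P_HISTORY + "\\" + domain + "]"

# Constructed sample in regedit-export style, not taken from a real machine.
# Assumption: the action is stored as the key's default DWORD value.
SAMPLE_REG = "\n".join([
    sample_key("fastclick.com"), "@=dword:00000005", "",
    sample_key("bfast.com"), "@=dword:00000005", "",
    sample_key("qksrv.net"), "@=dword:00000001", "",
    sample_key("linksynergy.com"), "",            # key exists, no data set
    sample_key("example.test"), "@=dword:00000001",
])

def parse_p3p_history(reg_text):
    """Map each domain under the P3P History key to its DWORD (None if unset)."""
    entries, current = {}, None
    prefix = P3P_HISTORY.lower() + "\\"
    for line in (raw.strip() for raw in reg_text.splitlines()):
        header = KEY_RE.match(line)
        if header:
            path = header.group(1)
            at = path.lower().find(prefix)  # also matches HKEY_USERS\<SID>\...
            current = path[at + len(prefix):].lower() if at >= 0 else None
            if current:
                entries.setdefault(current, None)
        elif current and line.lower().startswith("@=dword:"):
            entries[current] = int(line.split(":", 1)[1], 16)
    return entries

def key_presence_hits(entries):
    """Scanner that only looks for the domain keys: flags immunized hosts too."""
    return sorted(d for d in entries if d in WATCHLIST)

def value_aware_hits(entries):
    """Scanner that reads the data: a block entry (5) is protective, so skip it."""
    return sorted(d for d, v in entries.items() if d in WATCHLIST and v != BLOCK)

if __name__ == "__main__":
    parsed = parse_p3p_history(SAMPLE_REG)
    print("key presence only:", key_presence_hits(parsed))
    print("value aware:      ", value_aware_hits(parsed))
```

Entries with no data set are reported by the value-aware check as well, since only an explicit block value is treated as protective.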