Zeno false positive

**Fermat** · 2006-07-02, 11:22

I'm getting teatimer popups saying "s & D has encountered & terminated a process that is listed as malicious software" .... "Identified as Zeno".

The files are mcafee.com\vso\mcmnhdlr.exe and ...com\agent\McDash.exe.
As far as I can see, they haven't changed since 2005. And every anti-malware & av program I've run against them is happy.

Installed new S & D definitions & beta definitions yesterday (01 July). Popups began last night (UK) with scheduled McAfee virus scan.

Switched off teatimer, until new definitions arrive. (but WinPatrol's Scottie is guarding my Startup, so I feel reasonably safe)

Mike

**Fermat** · 2006-07-02, 12:37

I've just learnt how to allow those mcafee tasks in teatimer. Haven't had to go there before, so I didn't know about it. Wonderful feature. S & D has gone up even higher in my estimation. So teatimer is back in action.

**Yodama** · 2006-07-03, 08:50

thanks for reporting,
it is false positive in the beta detections and will be removed with the next update scheduled for the end of the week.
this false positive also detects qttask.exe as zeno, so do not be alarmed if qttask gets detected by the teatimer.

**bishoper** · 2006-07-03, 11:24

2006-07-03 05:10:09 Encountered and terminated Zeno in C:\WINDOWS\system32\nvsvc32.exe! from the log.

**Jon Graef** · 2006-07-03, 14:03

Setacm.exe is for setting the speed of the maxtor Hard disks read heads, to make the seek quiet (but slower). I ran the file but got the warning...Zeno.
File link included.

http://maxtor.custhelp.com/cgi-bin/m...hph?setacm.exe

Thanks Jon Graef

**Yodama** · 2006-07-03, 14:16

hi, please tell us which detection rules you are using and where the warning occured: as scanresult or teatimer popup.

**biko4710** · 2006-07-03, 14:48

Hi,

using latest beta detection rules (update: 1.7.06) teatimer creates following popups:

Encountered and terminated Zeno in C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
-> Lenovo/IBM ThinkVantage Access Connection 4.12

Encountered and terminated Zeno in D:\Microsoft ActiveSync\CEAppMgr.exe!
-> Microsoft ActiveSync 3.8.0, Application Manager

cu, biko

**CrazyBunch** · 2006-07-04, 00:04

Zeno detection is corrupt as it seems to trigger on all sorts of perfectly correct software. To the list above I can add:

* Encountered and terminated Zeno in C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE!

...which is HP StatusClient to monitor printer status

* Encountered and terminated Zeno in C:\Program Files\Dantz\Retrospect\Retrospect.exe!

...which is Backup software by DANTZ

Re/F

**wuschel** · 2006-07-04, 18:54

Hi,
Updated to detection-updates 01-07-2006 (incl. beta), teatimer found :

"Encountered and terminated Zeno in C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe",

..., which is a legitimit file of "Acronis True Image"- backupsoftware.
Disabled the "ZENO"-detection in the "beta.sbi"-checklist.

CU, Wuschel

**Fermat** · 2006-07-04, 20:06

Originally Posted by Yodama

thanks for reporting,
it is false positive in the beta detections and will be removed with the next update scheduled for the end of the week.

Thanks for the info Yodama

Thread: Zeno false positive

Thread Tools

Display

FP in McAfee program files.

mcafee fp. an update

Zeno false positive

Zeno false positive

FP in MAafee

Posting Permissions