
Thread: ZAES - false positive, exceptions not working for "On Demand" scan.

  1. #1
    lalittle Guest

    ZAES - false positive, exceptions not working for "On Demand" scan.

    I'm getting a false positive on the main executable for "Call of Duty 4: Modern Warfare" (the original Modern Warfare "1," not the new one.) The file is iw3sp.exe, and the detection is "Trojan-Spy.Win32.KeyLogger.cxh." 3 other engines on VirusTotal.com list similar results, but there is consensus on the web that these are false positives (the MD5 checksum confirms that this is the "real" file.) This is one of the main files for "Call of Duty 4: Modern Warfare" (the original "Modern Warfare") -- the game cannot work without this file. I am NOT using a crack -- COD4: MW was installed via a purchased CD.

    I sent the file to newvirus at Kaspersky dot com as per the instructions here, but the problem is that I cannot get ZAES to ignore the file during an On-demand scan. I added it to the exception list in both categories -- both the "On Access scan" and the "Trusted Process." I also removed it from the "target" list. This prevented it from being quarantined by simply looking at it, but it continues to be quarantined during on-demand scans. Am I missing something about excluding the file from scans? Is ZAES not able to exclude files from On-Demand scans like it can with On-Access scans? Or... is this actually malware disguised as the MW exe file? This seems unlikely given the other reactions on the web, as well as the low virustotal report (4 of 41), but I have no way to tell for sure.

    Note that unlike some other files, this one does not give me the post-scan option to "ignore always." ZAES simply quarantines it without asking.

    Thanks,

    Larry
    Last edited by lalittle; December 15th, 2009 at 04:49 PM.

  2. #2
    lalittle Guest

    Re: ZAES - false positive, exceptions not working for "On Demand" scan.

    Just a PS that I forgot to mention:

    Other false positive reports pertaining to this file and a couple other scanners appear to have been popping up in the last day or so, including a report on the Steam forums where several people reported the same issue with iw3sp.exe. This makes me relatively sure it's not a real threat (although confirmation from ZA/Kaspersky will be nice), but I'd still like to get ZA to ignore it in the meantime.

    Thanks again for any feedback,

    Larry
