Results 1 to 9 of 9

Thread: Issue on False Pos. / False Neg. - Hosts file + Misc Suggestions

Threaded View

  1. #1
    markfilipak Guest

    Question Issue on False Pos. / False Neg. - Hosts file + Misc Suggestions

    Feedback to ZoneAlarm Developers...

    OS: WinXP-Pro
    Browser: Firefox 12.0
    Sandbox: Sandboxie 3.54
    URL: http: ~~snip~~
    Downloaded file: WECPSetup.exe

    Issue #1, Stealing the Focus: In sandbox (browser AND destination folder), while attempting to rename the file prior to saving it, ZoneAlarm's scanner stole the focus, and my keystrokes went into the scanner instead of into the filename box. Several unexpected things happened. STEALING THE FOCUS LIKE THAT IS DANGEROUS!! IT SHOULD NOT BE DONE!! (I won't tell the story about how an overly eager disk management program once stole the focus from my text editor to tell me that the disk check was complete and asking what I wanted to do next, just as I hit the "F" key.) Suggestion: Allow the disk save to complete (no harm there) AND THEN tell me about the virus detection. ...And, Yes, I'm going to make the entire sandbox off limits to the real-time scanner in the future.

    Issue #2, Mystifying Scanner Report: What am I to make of "not-a-virus: WebToolbar.Win32.InstallCore.a" in the following report?
    File name: WECPSetup.exe
    Virus name: not-a-virus: WebToolbar.Win32.InstallCore.a
    Type: Virus
    Risk:! Action required
    Path: E:\Sandbox\Mark_Filipak\DefaultBox\drive\F\Games\W ECPSetup.exe
    Issue #3, Strange Help: In an attempt to fathom what "not-a-virus: WebToolbar.Win32.InstallCore.a" meant, I clicked the For additional virus information and assistance, visit us at the link: Antivirus Resources link in the status bar of the Antivirus/Anti-spyware Scan popup. I then had to allow a non-sandboxed browser to be launched--Gasp!--and I was taken here:
    The page totally mystified me and didn't seem to have any bearing on the virus detection I'd just experienced. Certainly, it didn't answer what "not-a-virus: WebToolbar.Win32.InstallCore.a" meant.

    So, I joined this forum. ...And, Yes, I understand why ZoneAlarm didn't know I already had a web browser running in the sandbox.

    ~~snip~~

    Thanks for the bandwidth - Mark.
    Last edited by fax; June 17th, 2012 at 09:21 AM. Reason: de-link adware +offtopic

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 3
    Last Post: May 22nd, 2012, 04:08 PM
  2. [SOLVED] ZA download link doesn't work --> hosts file issue
    By kryptic in forum ZoneAlarm Free Firewall
    Replies: 15
    Last Post: October 6th, 2010, 06:42 AM
  3. [SOLVED] How to upload a protected file (false pos)?
    By lozzz in forum General - Questions that don't fit any other category
    Replies: 3
    Last Post: June 21st, 2010, 05:24 AM
  4. Replies: 0
    Last Post: March 9th, 2009, 02:16 PM
  5. Another false positive--ATI file, atiacmxx.dll
    By amethyst in forum Malware Discussion
    Replies: 10
    Last Post: November 10th, 2007, 03:49 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •