potentially system wrecking false positives

Recommended Posts

Windows Xp SP3,Realtime: Shadow Defender,Sandboxie,Process Guard HIPS.

On demand: A-Squared free Avira 9.

The following potentially system wrecking false positives occurred on my A-Square full scan today.

(see attactted A-Squared Log).

At least quarantining the system exe,is a system breaker,and the Shadow Defender false positive would destroy the heart of my security.

On Virus total,and Jotti,only McAfee shares the detection.

I see the services exe detection has already been reported on these forums,one would thank many more times,as the file is ubiquitous,but nothing on the Shadow Defender file.

Share this post

Link to post
Share on other sites

Hi noorismail, welcome to the forum

services.exe is a False Positive please submit the file from the detection list

As for the services.exe in \$hf_mig$\ that is not as dangerous as the flagged in \system32\

Cannot tell anything about the Shadow Defender, but again the only way is to submit

Then, you should never dismiss the possibility of any file being compromised by the 3rd party infection

In any case you can read the following Sticky that applies to any security

My regards

{added} flagging of services.exe was fixed with the latest update see here

Share this post

Link to post
Share on other sites

thank you Lynx. Indeed the services.exe detection is now gone from my scan.

So true not to dismiss the possibility of a third party infection.

The ShadowDefender detection has been submitted to both EMSI and the ShadowDefrender forum.

Thanks for all assistance,


Share this post

Link to post
Share on other sites

You are welcome, noor.

I'm not sure though what the submission to Defender "devs" will do

Usually you have to submit to the vendor of the security that flagged the item(s),

On the other hand, you can do what you did and provide as much info as possible the version and other Info from the Properties, the signature included

"Not to panic!" as some guys here use to say :)

(I cannot possibly "write with accents(s)" here... do you need mp3 file to be attached?)


Share this post

Link to post
Share on other sites

Understood lynx.

The message to ShadowDefender was more in the nature of a "for your information" in case other

detections were reported,rather than a request for help.

Thank you for your kind assistance,and I wait a EMSI reply/call on the detection.

I suppose by its very nature the "Commit to real system" fuction of a system virtualization program like Shadow Defender/Returnil is prone to trigger alarms with anti-malware programs?

Anyway,the important thing is we learn something each day.



Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.