It looks like CA PestPatrol might have a false positive, detecting SillyDl FFL in C:\windows\system32\wuauclt.exe. This is a component of Windows Update, and in the case of the false positive it is a 124,184 byte file with an internal version number of 5.8.0.2469.
PestPatrol does not appear to be trying to delete the file, it is merely blocking access to it. Updating your Windows Update components should clear the problem. CA usually fix these false positives in a day or so.
The current signature version is 2008.9.9.15. Note that the PestPatrol engine is used in some other products, not all of which have the CA name on them.
6 comments:
How are you sure it's a false pos? It's currently showing up on machines in my network...
I ran it through VirusTotal and a number of other multi-engine scanners and it came up clean. I submitted a sample to CA for analysis and they said it was an exact match for the legitimate Microsoft application. Our CA support line says that there are a lot of reports that match ours, so the prognosis looks like a false positive.
Looks like running Windows Update takes care of it as well. Thanks for the post.
CA told me that eTrust ITM 8.1 PestPatrol Signature Version: 2008.9.11.15 would resolve the false positive notification.
2008.9.11.15 seems to fix it, but in a few cases machines are still reporting back the false positive even though the signature is updated. Perhaps a reboot or two might persuade them :)
This time I got a confirmation per email that Pestpatrol Signature File Version 2008.9.12.15 would resolve the problem (so I presume not 2008.9.11.15).
Post a Comment