BleepingComputer.com: Talking about false positives.

Website blocked by Trend Micro Internet Security


Opening this website may put your security at risk
Trend Micro has not yet evaluated this website

--------------------------------------------------------------------------------

The website you wanted to see might transmit malicious software to your computer, or has done that before to someone else. It may also show signs of involvement in online scams or fraud.

Because you have set your Protection Against Web Threats to "High," all websites not yet checked by Trend Micro have been blocked for your protection.


Address: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Rating: Dangerous


What you can do:
Try visiting another site to find the information you want.


Notify Trend Micro to review this page if you consider it safe.

If you still want to see this blocked page:
1.Open the Trend Micro Internet Security console.
2.Click Internet & Email Controls.
3.Click the Settings... button under Protection Against Web Threats.
4.Click the Approved websites link in the next window that opens.

5.Copy and paste the address of the blocked website into the list.

This post has been edited by Budapest: 02 July 2010 - 05:41 PM
Reason for edit: Moved to a more appropriate place ~BP

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes, malware strings it contains and the type of security engine that was used during the scan.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program.

It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".