Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix False Positive: SafeNet Sentinel


  • Please log in to reply
2 replies to this topic

#1 Ladewig (WUSTL)

Ladewig (WUSTL)

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 19 March 2010 - 10:52 AM

We noticed that Combofix incorrectly identifies files used by SafeNet Sentinel as malware.

nsprs.dll
seraurth1.dll
serauth2.dll
ssprs.dll

Are all located in system32 and are used by Safenet which is used by software vendors to enforce licenses. In our envrionment it is used by SPSS. From looking online, it apepars this has been a false positive in scanners for some time. Any idea if there are plans to correct?

BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:07:19 AM

Posted 19 March 2010 - 02:00 PM

I have notified the author with a copy of your post. We will update this thread with his response. Thank you for advising us.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#3 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:07:19 AM

Posted 22 March 2010 - 12:16 PM

The author would like to verify the files that you have mentioned and compare how they were targeted by ComboFix. He requests that you look in C:\ComboFix\quarantine and upload the files to http://www.bleepingcomputer.com/submit-malware.php?channel=4. Please zip all the files considered legitimate that are in quarantine and also in the zip file you upload include the C:\combofix.txt. This will help the author verify and identify what was targeted. Thank you for your assistance in bringing this to our and the authors attention.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users