Question: False virus detection in WSUSCONTENT folder

  • Monday, January 12, 2009 2:58 PM, Magnar Johnsen
     
    Forefront Client Security keeps alerting me that it has detected the win32/sality.an virus in the wsuscontent folder. I upload the infected files to virustotal.com, which scans the file using 38 different engines, and no virus is found. When I try to clean the files using the SmartClean feature in Forefront Client Security, the status turns green for a while, and then another file in the wsuscontent folder is infected. It seems like the infection is moving, or maybe the files are not infected at all. Could it be a bug or a definition file problem?
    Only wsus updates are infected. A full scan of the server shows no other infections.

    It also seems like Microsoft does not provide any support for Forefront Client Security, except for premium contracts or pay-per-incident support.

    My question is, how do I find out if the server is really infected or not, and how do I fix it?

All Replies

  • Thursday, January 15, 2009 9:21 AM, Monty Jain [MSFT]
     
    Hey Magnar,

    To check whether the files in the wsuscontent folder are malware or not, can you submit (upload) the infected file? Below is a link to the portal where you can submit it.

    1. Can you go to https://www.microsoft.com/security/portal/submit.aspx and submit the infected file?

    2. It contains the information on how to submit the files.
    3. After you submit the sample, it will generate the submission ID. Can you email me that so that I can follow up with our researchers? You can mail me at montyj@microsoft.com

    Please let me know if you face any problem and I will be more than happy to help you out.

     

    Monty Jain[MSFT] montyj@microsoft.com

