False alert - where to report?

  • Question

  • Today FSC ate the executable file of a popular e-mail client, thebat.exe, on all PCs in the network. Here is the report from the server console for one of them:

    18.10.2012 11:13:10

    3006

    Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:WinNT/Livuto.gen&threatid=2147598253
    Scan ID: {1702893E-D69E-400E-87A7-418A293D38D2}
    User: DOMAIN\Name
    Name: VirTool:WinNT/Livuto.gen
    ID: 2147598253
    Severity: Severe
    Category: Tool
    Path:
    Alert Type: Spyware or other potentially unwanted software
    Action: Remove
    Error Code: 0x80508022
    Error description: To finish removing spyware and other potentially unwanted software, restart the computer.

    18.10.2012 11:12:52

    3004

    Microsoft Forefront Client Security Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Microsoft Forefront Client Security can't undo changes that you allow.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:WinNT/Livuto.gen&threatid=2147598253
    Scan ID: {4C734E50-29FD-4C9F-B51B-5030BF9203A9}
    Agent: On Access
    User: DOMAIN\Name
    Name: VirTool:WinNT/Livuto.gen
    ID: 2147598253
    Severity: Severe
    Category: Tool
    Path Found: file:C:\Program Files\The Bat!\thebat.exe
    Alert Type:
    Process Name: C:\WINDOWS\explorer.exe
    Detection Type: Generic
    Status: Suspend

    This is the first time I have encountered this, and I don't know whom to write to about it. Here is the data about the definitions:

    Virus Definitions Version: 1.139.14.0 (Virus Definitions built on 17.10.2012 19:01:46)
    Spyware Definitions Version: 1.139.14.0 (Spyware Definitions built on 17.10.2012 19:01:46)
    Antimalware Engine Version: 1.1.8904.0
    Security State Assessment Engine Version: 1.0.1725.0
    Security State Assessment Definitions Version: 1.0.1725.0
    Antimalware Service Version: 1.5.1973.0
    Security State Assessment Service Version: 1.0.1725.0


    • Edited by j1fulcrum Thursday, October 18, 2012 7:52 AM
    Thursday, October 18, 2012 7:50 AM