Problems with malware inspection and google.com?

Question
-
My malware inspection updated to 1.119.1972.0 and within 5 minutes started blocking www.google.com because of JS/Blacole.BW. I'm almost sure this is a false positive given how quiet the rest of the net is about it. Is anyone else encountering the same thing?
Log type: Web Proxy (Forward)
Status: 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator.
Rule: Allow Web Access for All Users
Source: Internal (192.168.29.121:62366)
Destination: External (vw-in-f106.1e100.net 74.125.113.106:80)
Request: GET http://www.google.com/
Filter information: Req ID: 4f573343; Compression: client=No, server=Yes, compress rate=0% decompress rate=347%
Protocol: http
Tuesday, February 14, 2012 10:17 PM
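Before deciding whether a burst of status-12210 blocks is a bad signature or a real compromise, it helps to tabulate what is being blocked, from where, and since when. The following is an added example, not code from the thread or from Microsoft's TMG tooling: it parses the flattened one-line records the posters pasted from the log viewer and groups the 12210 results by requested host, by site family, and by time. The records, addresses, request IDs and timestamps inside it are constructed for the demonstration.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample: four records in the flattened one-line shape the posters
# pasted from the TMG log viewer. Addresses, request IDs and times are made up;
# the 12210 records mimic the blocks in the thread, the 200 record is an
# ordinary allowed request for contrast.
SAMPLE_LOG = """\
Failed Connection Attempt EDGE 14/02/2012 22:17:03 Log type: Web Proxy (Forward) Status: 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator. Rule: Allow Web Access for All Users Source: Internal (192.168.29.121:62366) Destination: External (vw-in-f106.1e100.net 74.125.113.106:80) Request: GET http://www.google.com/ Filter information: Req ID: 4f573343 Protocol: http User: anonymous
Allowed Connection EDGE 14/02/2012 22:17:05 Log type: Web Proxy (Forward) Status: 200 OK Rule: Allow Web Access for All Users Source: Internal (192.168.29.121:62367) Destination: External (203.0.113.10:80) Request: GET http://www.example.org/ Filter information: Req ID: 0a1b2c3d Protocol: http User: anonymous
Failed Connection Attempt EDGE 14/02/2012 22:19:41 Log type: Web Proxy (Forward) Status: 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator. Rule: Allow Web Access for All Users Source: Internal (192.168.29.150:3344) Destination: External (syd01s12-in-f24.1e100.net 74.125.237.120:80) Request: GET http://www.google.com.au/ Filter information: Req ID: 1367637b Protocol: http User: anonymous
Failed Connection Attempt EDGE 14/02/2012 22:56:11 Log type: Web Proxy (Forward) Status: 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator. Rule: Allow Web Access for All Users Source: Internal (172.16.111.69:53706) Destination: External (wi-in-f94.1e100.net 173.194.67.94:80) Request: GET http://www.google.co.uk/ Filter information: Req ID: 0da4c78c Protocol: http User: anonymous
"""

# The fields of interest appear in this order in every viewer record.
RECORD_RE = re.compile(
    r"(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}).*?"
    r"Status:\s*(?P<status>\d+).*?"
    r"Rule:\s*(?P<rule>.*?)\s+Source:.*?"
    r"Destination:\s*\w+\s*\((?P<dest>[^)]*)\).*?"
    r"Request:\s*(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)


def parse_record(line):
    """Parse one flattened record; return None for lines that are not records."""
    m = RECORD_RE.search(line)
    if not m:
        return None
    url = m.group("url")
    return {
        "when": datetime.strptime(m.group("when"), "%d/%m/%Y %H:%M:%S"),
        "status": int(m.group("status")),
        "rule": m.group("rule"),
        "destination": m.group("dest"),
        "method": m.group("method"),
        "url": url,
        "host": (urlparse(url).hostname or "").lower(),
    }


def parse_log(text):
    return [r for r in (parse_record(l) for l in text.splitlines()) if r]


def blocked_hosts(records, status=12210):
    """Requested hosts that received a block with the given status, with counts."""
    return Counter(r["host"] for r in records if r["status"] == status)


def hosts_by_first_label(records, status=12210):
    """Collapse www.google.com, www.google.com.au, www.google.co.uk and friends
    into one bucket keyed by the first label after any leading 'www.'. Cheap,
    and good enough to see whether blocks cluster on a single site family."""
    fam = Counter()
    for host, n in blocked_hosts(records, status).items():
        bare = host[4:] if host.startswith("www.") else host
        fam[bare.split(".")[0]] += n
    return fam


def block_window(records, status=12210):
    """(first, last) time a block with the given status was logged, or (None, None)."""
    times = sorted(r["when"] for r in records if r["status"] == status)
    return (times[0], times[-1]) if times else (None, None)


def triage(text, status=12210):
    """One-shot summary: what was blocked, how concentrated it is, and since when."""
    records = parse_log(text)
    first, last = block_window(records, status)
    blocked = sum(1 for r in records if r["status"] == status)
    return {
        "records": len(records),
        "blocked_share": blocked / len(records) if records else 0.0,
        "blocked_by_host": dict(blocked_hosts(records, status)),
        "blocked_by_family": dict(hosts_by_first_label(records, status)),
        "first_block": first.isoformat() if first else None,
        "last_block": last.isoformat() if last else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

If every 12210 block lands on one site family and the first block coincides with the minute the definitions rolled, that is the shape of a signature regression; a real drive-by campaign spreads across unrelated hosts and does not start on the update schedule. Note that 12210 only says a filter terminated the request; the threat name comes from the malware inspection alert, not from this record.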
Answers
-
This has got to be a false positive. I have the same symptoms and I see that this was released today http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3aJS%2fBlacole.BW&ThreatID=-2147313253
- Marked as answer by Nick Gu - MSFT Moderator Monday, February 20, 2012 6:32 AM
Tuesday, February 14, 2012 10:26 PM
All replies
-
yep same here!
Failed Connection Attempt
Log type: Web Proxy (Forward)
Status: 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator.
Rule: Allow Web Access for All Users
Source: Internal
Destination: External (74.125.237.56:80)
Request: GET http://www.google.com.au/
Filter information: Req ID: 1d1b2e38; Compression: client=No, server=Yes, compress rate=0% decompress rate=350%
Protocol: http
User: anonymous
Additional information
- Client agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
- Object source: Internet (Source is the Internet. Object was added to the cache.)
- Cache info: 0x61220100 (Request includes the CACHE-CONTROL: MAX-AGE, or CACHE-CONTROL: MAX-STALE, or CACHE-CONTROL: MIN-FRESH header. Response includes the CACHE-CONTROL: PRIVATE header. Response includes the CACHE-CONTROL: MAX-AGE or S-MAXAGE header. Response includes the EXPIRES header. Response includes the TRANSFER-ENCODING header. Response should not be cached.)
- Processing time: 203 MIME type: text/html; charset=UTF-8
Tuesday, February 14, 2012 10:19 PM -
Encountering the same thing. Is this a false positive or not?
Tuesday, February 14, 2012 10:22 PM -
Same thing here - is there a solution?? This is crazy!!
Tuesday, February 14, 2012 10:30 PM
-
Same problem here, local Forefront endpoint security detects it as well when bypassing TMG so it's not isolated to TMG inspection.
Tuesday, February 14, 2012 10:32 PM
-
This has hit our Agency as well. Had to add a malware bypass for google.com.au
Only seems to occur on the redirect.
Tuesday, February 14, 2012 10:41 PM -
This is happening at my firm, too. Gotta be those crappy google animations.
Tuesday, February 14, 2012 10:41 PM -
I'm getting it at my work as well:
Access to the requested file is blocked due to a detected infection:
Category: Exploit
Infection name: Exploit:JS/Blacole.BW
I'm just using https google instead.
Tuesday, February 14, 2012 10:45 PM -
We are NOT seeing this on www.google.com and www.google.de, but on www.google.dk!
Started after update 1.119.1972.0.We are located in Denmark, Europe.
Peter :-)
Tuesday, February 14, 2012 10:47 PM -
Same here. Our definitions updated 11:00am NZDST and bang! We have disabled malware inspection for now to bypass. We have had definition updates cause similar issues in FOPE, only to be resolved in a definition update shortly after.
Tuesday, February 14, 2012 10:49 PM
-
Same issue on Google.com here in the US.
TMG Proxy running Forefront.
Tuesday, February 14, 2012 10:50 PM -
The same problem here. Microsoft Security Essentials after update 1.119.1972.0
Tuesday, February 14, 2012 10:51 PM -
Definitely the workaround is to add *.google.com and *.google.[country code] to the "Sites Exempt from Malware Inspection" Domain Name Set. Thankfully I have another TMG system to watch for when MS pushes the fix.
Tuesday, February 14, 2012 10:53 PM
-
Don't bypass this until Microsoft has confirmed that this is a false detection!
Google would be the perfect path to spread a serious cyber attack...
Peter :-)
Tuesday, February 14, 2012 10:53 PM -
www.google.com.au blocked here also, running TMG.
Tuesday, February 14, 2012 10:53 PM
-
The same for www.google.com.co in Colombia. We are running TMG too.
Tuesday, February 14, 2012 10:55 PM
-
Yep, blocked here too
Failed Connection Attempt
Log type: Web Proxy (Forward)
Status: 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator.
Rule: Allow Web Access for All Users
Source: Client (192.168.31.122:3344)
Destination: External (syd01s12-in-f24.1e100.net 74.125.237.120:80)
Request: GET http://www.google.com.au/
Filter information: Req ID: 1367637b
Protocol: http
User: anonymous
Tuesday, February 14, 2012 10:58 PM -
Hi,
same problem here - not using TMG - just Security Essentials on a single non-domain-joined client machine.
Peter Forster | MVP Virtual Machine 2002-2011 | Austria | German System Center Blog: www.systemcenterblog.at
Tuesday, February 14, 2012 10:59 PM -
Having the same problem. I just reinstalled Win 7 only 3 days ago and I got this message. There is no way this computer has been hit with a real virus. This must be a false positive. The message below is from MSE.
Category:
Exploit
Description:
This program is dangerous and exploits the computer on which it is run.
Recommended action:
Remove this software immediately.
Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.
Items:
file:C:\Users\mjc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VJYEXF6G\google_com[1].htm
Get more information about this item online.
Tuesday, February 14, 2012 10:59 PM -
I highly doubt that this is a problem with Google. Trend Micro and McAfee systems are all still allowing access to the site but Microsoft is blocking it. Although I could be wrong.
Tuesday, February 14, 2012 10:59 PM
-
My malware inspection updated to 1.119.1972.0 (1/2 hour ago). Google.com / .co.uk are being denied.
TMG LOGS:
Failed Connection Attempt EDGE 14/02/2012 22:56:11
Log type: Web Proxy (Forward)
Status: 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator.
Rule: Allow Web Access for All Users
Source: Internal (172.16.111.69:53706)
Destination: External (wi-in-f94.1e100.net 173.194.67.94:80)
Request: GET http://www.google.co.uk/
Filter information: Req ID: 0da4c78c; Compression: client=No, server=Yes, compress rate=0% decompress rate=360%
Protocol: http
User: anonymous
Additional information
Client agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x61220000 (Response includes the CACHE-CONTROL: PRIVATE header. Response includes the CACHE-CONTROL: MAX-AGE or S-MAXAGE header. Response includes the EXPIRES header. Response includes the TRANSFER-ENCODING header. Response should not be cached.)
Processing time: 156
MIME type: text/html; charset=UTF-8
Regards, Steve.
UK Scotland.
- Edited by BadgerBlack Tuesday, February 14, 2012 11:02 PM
Tuesday, February 14, 2012 11:00 PM -
No problem... google is infected... read this... http://www.microsoft.com/security/portal/Definitions/WhatsNew.aspx?Version=1.119.1972.0&Package=AM
Tuesday, February 14, 2012 11:01 PM
-
Same here on the computers at work in Australia/Melbourne.
Win XP IE8 and a computer with .... IE6 on it.
Kaylene / TaurArian MVP
Tuesday, February 14, 2012 11:02 PM -
No problem... google is infected... read this... http://www.microsoft.com/security/portal/Definitions/WhatsNew.aspx?Version=1.119.1972.0&Package=AM
Sorry but that tells me nothing apart from the fact Microsoft added the JS/Blacole.BW to the latest definition updates, it doesn't mean that they didn't start generating false positives.
I've logged a call with Microsoft, even though I assume they already know about it.
Tuesday, February 14, 2012 11:03 PM -
Agreed. As another interesting oddity, I only get the suspected false positive exploit detected with Security Essentials when I use Internet Explorer. If I use Chrome or Firefox it doesn't trip MS SE.
- Edited by SpHeRe31459 Tuesday, February 14, 2012 11:10 PM
Tuesday, February 14, 2012 11:05 PM -
Hi,
as there are many customers affected I just created a case with Microsoft Partner Support - will let you know as soon as I have an update there.
Peter Forster | MVP Virtual Machine 2002-2011 | Austria | German System Center Blog: www.systemcenterblog.at
Tuesday, February 14, 2012 11:05 PM -
Got a reply to my Microsoft Support ticket: "Hi Stephen, Thanks for reporting this issue. We have received several similar reports from different channels. Currently I’m working with our AV team to investigate the issue. Will keep you updated for any progress. "
So expect new definitions in the next hour I would say.
Tuesday, February 14, 2012 11:17 PM -
Same problem here on WIN7 after today's updates. Uninstalled Java, ran MSE, Malwarebytes and latest MS malicious software removal tool, but the Exploit:js/blacole.bw warnings keep popping. For me it is not just on google.com, but it also appears to pop up on any webpage using google adwords or google analytics.
Tuesday, February 14, 2012 11:17 PM
-
I've added an exclusion in Forefront for the time being, but does anyone know if this exploit is being used actively anywhere else?
I'm seeing the false positive on google.com from Internet Explorer 7.0 on Windows XP, 8.0 on XP, and 9.0 on Windows 7, but not seeing it in Firefox, Chrome, or Opera.
Tuesday, February 14, 2012 11:19 PM -
I am seeing this on IE, Chrome and Firefox with TMG.
I will not bypass anything for my company's network before MS has confirmed if this is a false positive - what is the protection worth if we disable it as soon as we "think" it is a false positive? Think of the consequences if it is not a false positive!
Peter :-)
Tuesday, February 14, 2012 11:25 PM -
Same here, with google.com in US, or using the google search in the menu bar.
Tuesday, February 14, 2012 11:25 PM
-
I am seeing this on IE, Chrome and Firefox with TMG.
I will not bypass anything for my company's network before MS has confirmed if this is a false positive - what is the protection worth if we disable it as soon as we "think" it is a false positive? Think of the consequences if it is not a false positive!
Peter :-)
agree...
Tuesday, February 14, 2012 11:28 PM -
The same thing here.
I assume that the definitions of all mentioned Antivirus/Spam-Tools contain false positives.
Got error on two desktops running Security Essentials.
Greetings
Uwe
Tuesday, February 14, 2012 11:29 PM -
I'm getting it at my work as well:
Access to the requested file is blocked due to a detected infection:
Category: Exploit
Infection name: Exploit:JS/Blacole.BW
I'm just using https google instead.
HTTPS://www.google.com.au is working here on the current definitions...
Tuesday, February 14, 2012 11:32 PM -
As I have a multilayered approach to security here, and I see that McAfee and Trend do not suspect Google as being infected, I say MS is incorrect. Especially seeing as how McAfee and Trend have a better track record with web inspection than MS.
Tuesday, February 14, 2012 11:32 PM
-
"Hi Stephen,
Microsoft AV team is removing the detection from Signature. 1.119.1986.0 or higher will contain this change.
Please check and let us know if the issue is still there with the latest signature. Thank you"
New definitions are coming...
- Proposed as answer by BradStoltz Tuesday, February 14, 2012 11:53 PM
Tuesday, February 14, 2012 11:41 PM -
That is word for word of my PSS call too.
Tuesday, February 14, 2012 11:46 PM
-
Will look forward to a definitions update... just spent the best part of 2 hours trying to remove a non-existent virus.... :/
Tuesday, February 14, 2012 11:50 PM
-
Definately the work around is to add *.google.com and *.google.[country code] to the "Sites Exempt from Malware Inspection" Domain Name Set. Thankfully I have another TMG system to watch for when MS pushes the fix.
I did consider removing Google from the malware inspection list myself, however if I forgot to remove it after the fix, and Google does get infected in the future, there would be hell to pay for causing the security vulnerability...
Looks like I'm waiting for the definitions update.
The world won't end if I don't have Google for another hour, right? ...RIGHT???
Wednesday, February 15, 2012 12:00 AM -
Here is what I have isolated as the offending script - this will trigger the MSE alert if you save it to an html file.
    <script>
    function g(b){
      var c=new Date((new Date).getTime()+5184000000);
      try{
        var l="PP_TOS_ACK="+b+"; expires="+c.toGMTString()+"; path=/; domain="+d;
        document.cookie=l
      } catch(n) {
        e("error","write_cookie")
      }
    }
    function k(){g(-1); e("dismiss"); j()}
    function i(){g(-1); e("tellmore"); j()}
    </script>
-Rex
Wednesday, February 15, 2012 12:01 AM -
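Isolating the few lines of a page that trip a detection, as Rex did above, is a bisection problem, and it is worth having a repeatable way to do it when a signature misfires. The following is an added example, not code from the thread or from Microsoft: a line-level ddmin (delta debugging) over a constructed HTML page. The `stand_in_scanner` predicate is a made-up two-token heuristic standing in for the engine so the example runs offline; it is not Microsoft's Blacole.BW signature. `file_scanner` shows how to wrap a real on-demand scan instead (for example `MpCmdRun.exe -Scan -ScanType 3 -File <path>`); how its exit code maps to "detected" is left to the caller as an assumption, and the candidate file should live in a folder excluded from real-time protection so the on-access scanner does not act on it first. The page markup, tokens and file names are constructed.

```python
import os
import subprocess
import tempfile

# Constructed test page: a cookie helper like the one quoted above, padded with
# unrelated markup so there is something for the minimizer to throw away.
SAMPLE_HTML = """\
<!doctype html>
<html><head><title>constructed test page</title>
<meta charset="utf-8">
<script>
function g(b){
  var c=new Date((new Date).getTime()+5184000000);
  var l="PP_TOS_ACK="+b+"; expires="+c.toGMTString()+"; path=/; domain="+d;
  document.cookie=l;
}
function k(){g(-1); e("dismiss"); j()}
</script>
</head><body>
<div id="content">constructed body text</div>
<img src="logo.png" alt="logo">
</body></html>
"""


def stand_in_scanner(text):
    """Stand-in for the real scanner: fires when two tokens co-occur. This is a
    made-up heuristic for the demo, not Microsoft's Blacole.BW signature."""
    return "document.cookie" in text and "toGMTString(" in text


def file_scanner(command, rc_is_hit):
    """Build a predicate around a real on-demand scanner: write the candidate to
    a temp .htm file, run `command + [path]`, and let rc_is_hit decide whether
    the exit code means a detection. The scanner may quarantine the file, so
    cleanup tolerates its disappearance."""
    def triggers(text):
        with tempfile.NamedTemporaryFile("w", suffix=".htm", delete=False) as fh:
            fh.write(text)
            path = fh.name
        try:
            proc = subprocess.run(command + [path], capture_output=True)
            return rc_is_hit(proc.returncode)
        finally:
            if os.path.exists(path):
                os.unlink(path)
    return triggers


def _chunks(seq, n):
    """Split seq into n nearly equal, non-empty, order-preserving pieces."""
    size, rem = divmod(len(seq), n)
    out, start = [], 0
    for i in range(n):
        end = start + size + (1 if i < rem else 0)
        if end > start:
            out.append(seq[start:end])
        start = end
    return out


def ddmin(items, triggers):
    """Zeller's ddmin: shrink items to a 1-minimal list that still triggers,
    i.e. removing any single remaining element makes triggers() false."""
    items = list(items)
    if not triggers(items):
        raise ValueError("the full input does not trigger; nothing to minimize")
    n = 2
    while len(items) >= 2:
        chunks = _chunks(items, n)
        progressed = False
        for c in chunks:                     # does one chunk alone trigger?
            if triggers(c):
                items, n, progressed = c, 2, True
                break
        if not progressed:
            for c in chunks:                 # does dropping one chunk keep triggering?
                complement = [x for ch in chunks if ch is not c for x in ch]
                if triggers(complement):
                    items, n, progressed = complement, max(n - 1, 2), True
                    break
        if not progressed:
            if n >= len(items):              # already at single-line granularity
                break
            n = min(n * 2, len(items))       # refine and retry
    return items


def minimize_lines(html, scanner=stand_in_scanner):
    """Smallest set of lines of html (original order) that the scanner still
    flags. Pass scanner=file_scanner([...], lambda rc: ...) for a real engine."""
    return ddmin(html.splitlines(), lambda lines: scanner("\n".join(lines)))


if __name__ == "__main__":
    for line in minimize_lines(SAMPLE_HTML):
        print(line)
```

The result is 1-minimal, not necessarily the globally smallest: ddmin guarantees that no single remaining line can be dropped, which is exactly what you want to hand to the vendor or to compare against a known-clean copy of the page. Each probe rescans the candidate, so with a real engine the run takes a few dozen scans for a page of a few hundred lines.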
Has anyone got an ETA on when the new definitions will be released? Please let us all know if you receive them.
I guess the workaround is to use BING?
Wednesday, February 15, 2012 12:02 AM -
Has anyone got an ETA on when the new definitions will be released? Please let us all know if you receive them.
I guess the workaround is to use BING?
I asked for an ETA:
"Hi Stephen,
"Just confirmed with AV guys. The new signature is in release pipeline now. ETA is about 2 hours."
So it's a confirmed issue at Microsoft's side. Seems safe to exclude google from your malware inspection for the time being....as it appears all work stops without google! :p
- Proposed as answer by SamEvans Wednesday, February 15, 2012 12:49 AM
Wednesday, February 15, 2012 12:06 AM -
My two cents worth ...
If you exclude it from TMG, chances are the Windows clients running Forefront/Security Essentials will then detect the "virus". From an end user's perspective the problem still remains, it's just been shifted from TMG to the client. This may result in a negative view of your IT team...
IMHO, you're better off waiting for the fix from MS. Deploy to Windows clients first, and then to TMG servers. That way you avoid this secondary false alert...
Wednesday, February 15, 2012 12:22 AM -
BTW - Thanks Stephen for the updates - much appreciated.
I am also assuming in the above statement that you're using MS antivirus on the clients, and not another vendor...
Wednesday, February 15, 2012 12:23 AM -
BTW - Thanks Stephen for the updates - much appreciated.
I am also assuming in the above statement that you're using MS antivirus on the clients, and not another vendor...
No problem, glad to help.
Actually we aren't using MSE on the desktop... but yes, I hadn't thought of that; no point in causing desktop alerts unnecessarily if you are using it.
Wednesday, February 15, 2012 12:34 AM -
My two cents worth ...
If you exclude it from TMG, chances are the Windows clients running Forefront/Security Essentials will then detect the "virus". From an end user's perspective the problem still remains, it's just been shifted from TMG to the client. This may result in a negative view of your IT team...
IMHO, you're better off waiting for the fix from MS. Deploy to Windows clients first, and then to TMG servers. That way you avoid this secondary false alert...
I can confirm that our FEP clients are on fire detecting this when our users are going to google.com. Unfortunately we have no way to bypass for google.com, we can only set a default action of Allow for the actual exploit that is detected (Exploit:JS/Blacole.BW).
Wednesday, February 15, 2012 12:39 AM -
MS have confirmed that a definition update is due in 1 -2 hours
Rajan
- Proposed as answer by Ivan Dretvic Wednesday, February 15, 2012 1:24 AM
Wednesday, February 15, 2012 12:44 AM -
As an interim solution please follow the below steps.
To specify destinations and sources exempt from malware inspection:
- In the Forefront TMG Management console, in the tree, click the Web Access Policy node.
- On the Tasks tab, click Configure Malware Inspection.
- Click the Destination Exceptions tab or the Source Exceptions tab, and then click Add.
- In the Add Network Entities dialog box, click New, and then select Domain sets. To modify the default domain set, select the appropriate entry, and then click Edit.
- Add the following domains to the Domain Set:
  *.google.com
  *.google.com.au (we added this as it's in our region and we use it considerably.)
- When you have finished, click OK, and then on the Apply Changes bar, click Apply.
More info can be found here:
- Proposed as answer by Ivan Dretvic Wednesday, February 15, 2012 1:24 AM
Wednesday, February 15, 2012 1:23 AM -
Same issue here on Forefront Client Security, and Forefront TMG. I have a case open too with MS.
Kristofer Olafsson
Wednesday, February 15, 2012 1:31 AM -
Can't do that.
It could solve the problem but no guarantee of a secured network.
Still waiting for solution from MS.
Wednesday, February 15, 2012 1:47 AM -
We are also experiencing the same issues with FEP.
Does anyone know if there is way to force all clients to quickly update to the latest definition file once/if Microsoft release the virus def? Or will we just have to wait for their update cycle?
Wednesday, February 15, 2012 2:02 AM -
Hi! We just got confirmation from Microsoft stating this is a false positive and will be corrected in next update. Check http://isc.sans.edu for more information.
Wednesday, February 15, 2012 2:03 AM -
How do you know when it's fixed?
Will deleting detected items work when it's fixed?
Wednesday, February 15, 2012 2:07 AM -
Well, don't know for sure, but they say they will have another update within the hour.
Wednesday, February 15, 2012 2:08 AM
-
I also picked up this virus, JS/Blacole.BW. My AV removed it with definitions 1.119.1972.0. I scanned again and found nothing. Are there other people for whom this virus was removed? Another question: does it make the connection slow? Because here it was slow. Sorry for my English, I used Google Translate.
Wednesday, February 15, 2012 2:12 AM
-
Yay, i updated at "1.119.1988.0"
what about you guys..? is it safe now.??1?!??!? O_o
Wednesday, February 15, 2012 2:15 AM -
Got the 1988 update but.... issue still present..... anyone?
Wednesday, February 15, 2012 2:15 AM
-
How do you know when its fixed?
Will deleting detected items work when its fixed ?
When the update is released, you will receive the malware inspection definition update on your TMG server at the next automatic update schedule (default polling frequency is 15 minutes; if you have changed this to be longer, you may want to reduce it down to 15 minutes until the update is sent out, to reduce disruption).
In TMG you can see the current version of your malware inspection in the "update centre" next to malware inspection.
You should stop getting the error message and Google will just go back to working.
EDIT: I have just received the update on my TMG server now, so it has been released...
I am on version 1.119.1988.0, and Google is working successfully.
- Edited by BradStoltz Wednesday, February 15, 2012 2:19 AM
Wednesday, February 15, 2012 2:15 AM -
The detection has been removed from my history automatically, so it must be the patch. :)
I think it's fixed, everybody just check your detection history and tell me if it's gone.
So I know that it's not just me... that has this...
Wednesday, February 15, 2012 2:19 AM -
Everything works with latest updates... thx to all!
Wednesday, February 15, 2012 2:20 AM
-
Downloading the new def. Will let you know how it goes. People who are using SCCM to deploy FEP updates may need to reduce the frequency of updates from the Software update point component, so the SCCM server receives the latest def, and also on the desktop policy for deploying to the client PCs.
Wednesday, February 15, 2012 2:31 AM
-
Everything works fine now...
Wednesday, February 15, 2012 2:32 AM -
Our FEP2010 is now working with the new definitions.
Wednesday, February 15, 2012 2:37 AM -
Looks like the latest update fixed the problem for me.
Wednesday, February 15, 2012 2:39 AM
-
Yep, it's gone from the history so all must be well.
Thank you all for the help.
Wednesday, February 15, 2012 2:56 AM -
No updates available for our TMG servers yet - Had to add the *.google.com / *.google.co.nz sites to our exclusion list.
Patrick Squire - Twitter: @squip88
- Edited by coaxke Monday, January 13, 2020 11:15 PM
Wednesday, February 15, 2012 2:57 AM -
It's the Valentine's Day animation on Google's front page that is triggering the alert with def 1.119.1972.0. It is only happening in IE for me, no alert in Chrome. The animation plays Hank Williams - Cold, Cold Heart :-)
Wednesday, February 15, 2012 3:10 AM
-
All good now, on def 1.119.1988.0
Wednesday, February 15, 2012 3:20 AM
-
I just got this alert but only upon opening IE, which I don't do often. I'm running an Eset online scan and IE makes it easier. So, confirmed, it's only happening in IE. Also, I have just run Malwarebytes AntiMalware and it didn't pick up on anything.
Wednesday, February 15, 2012 3:24 AM
-
All good now. on def 1.119.1988.0
Thanks!
However, ...
The infected history has also been deleted.
Google purchased Motorola Mobility several days ago...
Today's problem was Microsoft's black joke for Google on St Valentine's Day!
Don't you think that that is right?
- Edited by rymst Wednesday, February 15, 2012 4:01 AM
Wednesday, February 15, 2012 3:57 AM -
You will notice that it works with definition 1.119.1942 as well. Def 1972 throws up an error message. So we don't need to rush and deploy the latest def.
Wednesday, February 15, 2012 4:08 AM
-
Hi everybody,
I changed our Malware Updates frequency to 15 mins and see now that the problem is fixed - MS have obviously released the update!
Hope yours is fixed now.
Wednesday, February 15, 2012 5:55 AM -
Hi all,
We here in the Middle East encountered the same issue. Our TMG proxy definition is still 1.119.1972.0 and there are no new updates detected, any ideas?
Wednesday, February 15, 2012 6:51 AM -
It is NOT the Valentine's logo, the Czech version of the site hasn't had the logo for many hours and the warning still popped up. I don't know about you guys, but something fishy smells about this. It does happen in Firefox as well as soon as a search was initiated. I don't think it is a false warning, too much of a coincidence there.
Wednesday, February 15, 2012 7:18 AM
-
Hey, download and update it manually. It solves our problem too
Wednesday, February 15, 2012 8:50 AM -
http://www.microsoft.com/security/portal/Definitions/HowToMSE.aspx
go to this link and download updates and your problem should be solved
Wednesday, February 15, 2012 3:19 PM -
this link should solve your problem, but I am a lady sorry
http://www.microsoft.com/security/portal/Definitions/HowToMSE.aspx
Wednesday, February 15, 2012 3:23 PM -
MS issued the following today
I updated MS Security Essentials and now am at version 1.119.2014.0
Jim Sauvage
Wednesday, February 15, 2012 6:45 PM