Office Scan detecting false positive

[Sasheal]

I am using Office Scan on my PC. It is recently detecting TDSSKiller as a false positive, and deleting it. It says Security threat PAK_ScramUPX. It is not a virus, but a Kaspersky malware removal of the family Rootkit.Win32.TDSS. So I need a solution, as to what I should do in order to remove it from Office Scan as virus, as it constantly deletes it. I have to use this some 20 times a day, so please do something about it. Is there any method by which I can solve this problem? I would be glad if someone helps me out here.

[Carley]

Please read the description of the thread carefully, it says that the detection of PAK_ScramUPX is not a virus but as a possibly malicious executable files which use Win 32 compression. This detection is because of the heuristic detection, you may want to disable IntelliTrap from the anti-virus to stop it from detecting the virus. IntelliTrap detects malicious codes such as bots. Though disabling it weaken your system. SO, this is not a method I would suggest applying though. There must be some other way too.

[Lemog]

Yes, disabling IntelliTrap will surely weaken your system, so don’t do that. Instead you can send the file or virus for analysis at Trendlabs. If they find the file to be clean as you say, they will add to IntelliTrap Whitelist Exception patterns. So, on next update, it will update the system not to detect that file as a virus and you will no longer get the false positive you are getting now. But, yeah it will take some time adding to the Whitelist till then have patience. Hope this helps you. And, detection of a possible malicious file is still a false positive and the Office Scan should themselves correct it soon

[addie]

I don’t know what is their problem for deleting the known non-malicious programs. I mean it doesn’t even detect true viruses like FakeAV apps, and go on deleting this programs which do no harm to your PC. What they are doing is labeling the competitor’s ie Kaspersky’s known programs and intentionally marking them as possible virus so that people delete this genuine programmes from their PCs. Well, you should just send it to TrendLabs and hope that they add it to the exceptions.

[Candace]

For all those complaining about intellitrap detecting false alerts, here’s a good news for you. The TMWhite CPR pattern version 0.680.09 is now available to you. It has added the exception to the whitelist. Simply extract the contents of the file on “…\Program Files\Trend Micro\OfficeScan\PCCSRV” and it will get deployed on the client soon enough. If you want to you can extract it to the client folder manually by copying it to the client folders.

[Lemog]

I did submit it to Trendlabs maybe it will get checked out soon and add it to the exception. Thank you for replying to me. I hope this solves soon, as it’s not just my one PC that’s suffering but all the 100k PCs in my office. Since it’s a big business and requires it to be up to date. I also downloaded the latest whitelist exceptions and tried to install the app but I am still getting the error: IntelliTrap Exception Pattern 0.683.00 Tmwhite.683. So, I don’t think it works or is properly updated by it. Hoping I get the solution soon.

[Wguy2008]

I don’t know what version have you updated, I use tmwhite pattern 0.685 and the file is no longer detected as a false positive. So, I think after last update and added to exceptions the application has been updated again as it is dated recently. So the new version has to be whitelisted again at TrendLabs. You may also exclude TDSSKiller.exe from future versions as being scanned by OfficeScan manually. That may stop it permanently. Since, adding exceptions to whitelist is a risky task, you will need to update to Trend micro frequently whenever there is a newer version of the file.