We appear to have hundreds of false positive temp files flagged as a Trojan Horse. When we examine the Temp folder location, the flagged pde type files are not found. So I'm confused as to the left alone report. The detections also create confusion for our senior management, who have asked if SEP 12.1 is allowing malicious files to remain on a production system. So information on this detection would be appreciated. I've included some of the details below. Again, this is seen on multiple systems.
Thanks,
Risk Information
Risk name: Trojan Horse
Risk severity: 1
Discovered: 02-19-2004 00:00:00
Download site: N/A
Downloaded or created by: N/A
File or path: C:\Windows\TEMP\pde7408.tmp
Application:
Version:
File size: 0
Category set: Malware
Category type: Virus
Hash:
Hash algorithm: SHA-1
Company: N/A
Risk Detection
Date found: 04-17-2013 06:05:30
Description: "Still contains 1 infected items"
Actual action: Left alone
Specified primary action: Leave alone (log only)
Specified secondary action: Leave alone (log only)
Detection source: Manual Scan
Risk detection method: Signature-based Detection
URL tracking: Off
Source computer:
Event type: Compressed File
Database insert date: 04-17-2013 06:14:10
Event client date: 04-17-2013 06:05:30
Permitted application reason: N/A
Risk Reputation
First seen: Reputation was not used in this detection.
Reputation: Reputation was not used in this detection.
Prevalence: Reputation was not used in this detection.
Performance impact: High
Overall rating: High
Detection reason: Antivirus engine
Minimum sensitivity level: N/A
Side effects
| Status | Operation | Data Type | Location |
| --- | --- | --- | --- |
| Successful | Leave Alone | File | C:\Windows\TEMP\pde7408.tmp |