This discussion has been locked.

%win%/system32/regsvr32.exe quarantined

I've got a user with an XP box running Sophos v9.5. Sophos has quarantined Windows/system32/regsvr32.exe.

I'm finding conflicting posts about the essential importance/dangers of this file. Microsoft states:

http://support.microsoft.com/kb/249873

Regsvr32.exe is included with Microsoft Internet Explorer 3.0 or later versions, Windows 95 OEM Service Release 2 (OSR2) or later versions, and Windows NT 4.0 Service Pack 5 (SP5) or later versions. Regsvr32.exe is installed in the System (Windows Me/Windows 98/Windows 95) or System32 (Windows NT/Windows XP/Windows Vista/Windows 7) folder.

Note: On a 64-bit version of a Windows operating system, there are two versions of the Regsvr32.exe file:

  • The 64-bit version is %systemroot%\System32\regsvr32.exe.
  • The 32-bit version is %systemroot%\SysWoW64\regsvr32.exe.

Sophos does not identify it as a threat anywhere on its website, but apparently due to its role the Sophos client quarantines it.

Can I take this file out of quarantine and restore it?

thanks

  • I am having the same issue with Sophos quarantining c:\windows\SysWoW64\regsvr32.exe (i.e., %systemroot%\SysWoW64\regsvr32.exe). The OS is Windows Server 2008 R2. The suspicious behavior is indicated as HIPS/RegMod-009. I did a full scan of the system and it came back with zero infections of any sort.