Many Troj/SwfExp-BT Alerts

Anybody else getting spammed with alerts about Troj/SwfExp-BT?  Wondering if I have an actual problem or another bad def update.

  • I am seeing them too.  I believe it's a false positive.  I've got a dozen or more detections on various machines.  One of the machines it got detected on hasn't been used in 6 months.  It was detected under the user profile of a staff member whose Active Directory user account is disabled and has been on maternity leave for 6 months.  So unless Sophos just recently updated their definition files to catch this particular variant (which I doubt)  this is a false positive.

    Also, a message for Sophos in case anyone is monitoring this thread.  When I go to the URL below to search for 'Troj/SwfExp-BT', it returns zero results.  It's a little unnerving when your enterprise AV product is getting hits on a virus and you go to the vendor to get more information about the malware and it's coming up blank.

    http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware.aspx

    So, rather than searching for the exact variant, I just searched for 'Troj/SwfExp' under 'all threats'.  It tells me it found 144 results and displays page 1-10.  So I click next and it displays results 11-20.  So I click next again and then the total results switch to only 21.  And it displays 21-21.  It goes from telling me it found 144 results on page 1 to 21 results on page 3.  Something is broken.  In short, searching this library for anything useful relating to 'Troj/SwfExp' isn't worth a **bleep**.
