Using sec 5 and end point 10.
I have blocked vaious applications using the application control feature. But I have noticed that a lot of the clients get false positive alerts in their detection list. This is a result of the weekly scan and it is detecting the likes of telnet and ftp within winxs folder and not when they are used, just the mere existence of the application exe. Surely the application control should be for use of applications and not the mere existence?
I don't want to have to manually add exclusion for these exe because they may be worth blocking the use of the application but as they are standard windows components I can't remove them. I don't want to add exclusion for winxs folder because some malware hides in that folder.
I realy like the application control feature but having all these false positives is kind of annoying, i find false positves in general can be dangerous because a) it prevents people from taking note of real issues b) it could quanantine valid exe or dll.
On another note where do i report false positives for on access can beacuse we have a dictation software called winscribe that recently had a bunch of their dll quanantined by on access scan and i had to add the winscribe folder to exclusion list.
File "C:\Program Files\WinScribe\Author\Interop.mscoree.dll" belongs to virus/spyware 'Mal/Generic-L'.
This thread was automatically locked due to age.
