

msi files are considered archive files and not unpacked for scanning by default or Self-extracting win32 executables, which would be unpacked for scanning by default. That will stop the File System Shield scanning any file you put in that folder.

Re: False positive Win32:malware-gen
Reply 2 on: July 18, 2011, 08:58:21 PM

That also rather depends on the scan settings, as I'm not sure. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*

You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page.

If you can extract the pcftofon.exe file using something like 7zip, then you could confirm the detection: However, the one in the system restore, restore point is one and the same file (just given a different file name).

This is supposedly a font converter and it may be its actions which could be considered suspicious and why it is picked up by a generic signature, Win32:malware-gen (the -gen at the end), which are more prone to FP.

Do you actually know what this.

The file detected pcftofon.exe is effectively within two archives, the Data1.cab, which is within the x-Win32-7.1.msi file, so is pretty inert. That also rather depends on the scan settings, as I'm not sure.
