Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: CA Apologizes for False Positive SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
CA Apologizes for False Positive

One of our readers, Melvin, was kind enough to send us a heads up on an issue with CA DAT files.   The site refers to a "false positive" detection for Win32/Amalum for detections via Microsoft Windows Service Pack 3 and commercial application, Cygwin.  The files are quarantined and the file is appended with the extension "*.AVB".  The files will still be intact and organizations running ISS should restore files from the GUI.  For those using ITM, a search tool is available from CA support upon request. 

Please update your signatures to DAT 6606 to ensure protection from the false positive.  Here is a link to the CA statement. 

Mari Nichols

iMarSolutions.com

Mari Nichols

76 Posts

Sign Up for Free or Log In to start participating in the conversation!