| T O P I C R E V I E W |
| GregDude |
Posted - Oct 27 2010 : 8:13:54 PM
Just started seeing this thread warning on VA_X.dll.
I removed and reinstalled VAX and got the warning again on install.
Looks like a false positive. Anyone else seeing this?
Edit: I'm guessing the latest update to MSSE uses a pattern match to incorrectly determine VAX is a malware anti virus scanner, due to the way it scans source code files to build it's intellisense style database.
Edit: The latest MS Security Essentials update resolves this issue. (As of definition v1.93.648.0 and later.) |
| 15 L A T E S T R E P L I E S (Newest First) |
| sean |
Posted - Oct 29 2010 : 2:12:56 PM
Can you try another update? We had a couple of people report that the problem wasn't fixed until they updated to 1.93.695.0 or 1.93.667.0. |
| Codeplug |
Posted - Oct 29 2010 : 11:48:59 AM
New definitions seem to still give false-positive on older dll's:
Microsoft Security Essentials Version: 1.0.2498.0
Antimalware Client Version: 2.1.6805.0
Engine Version: 1.1.6301.0
Antivirus definitions: 1.93.648.0
Antispyware definitions: 1.93.648.0
And VA_X.dll version 10.4.1647.0
VA_X.dll identified as "Rogue:Win32/FakeSecSen"
gg |
| znakeeye |
Posted - Oct 29 2010 : 03:13:59 AM
I bet VA_X.dll is encrypted. This might happen again.
How to avoid it? CODE SIGN your dll! It highly reduces the risk of getting these errors! |
| GregDude |
Posted - Oct 29 2010 : 12:07:18 AM
quote:
Originally posted by sean
Just received notification that the definition library has been updated...
Confirmed!
The latest MS Security Essentials update resolves this issue. |
| dddebug |
Posted - Oct 28 2010 : 8:50:25 PM
Same here. I have Security essentials beta, 2.0.375.0.
Antivirus definition: 1.93.648.0
Antispyware definition: 1.93.648.0
And quite old version of VA-X.
dd.
|
| sean |
Posted - Oct 28 2010 : 1:36:31 PM
Just received notification that the definition library has been updated:
"The definition library for MicrosoftG??s anti-malware products has been updated to version 1.93.648.0. We believe this new definition library contains the updates necessary to resolve your question relating to Visual Assist X. This new definition library is now available for users who subscribe to the automatic definition update mechanism, as well as users who choose to manually update their definition library." |
| KaanX |
Posted - Oct 28 2010 : 11:19:40 AM
I just tried it again, and it worked. Don't know why 
While I was trying to install VA again, Windows did an update at the background, maybe the definitions are updated and it's no longer a threat. It runs fine now, thanks. |
| sean |
Posted - Oct 28 2010 : 11:11:53 AM
Can you check the scanner history to see if it automatically removed the new version you installed? |
| KaanX |
Posted - Oct 28 2010 : 11:06:22 AM
The same false positive appeared on my installation too. I clicked the "clean computer" button (thinking that I actually have a trojan).
Now my Visual assist menu is all disabled (grey). I tried to uninstall VAX and reinstall again. Installation goes without problems, but my menu is still disabled (And VA does not work). What can be the cause of this problem? |
| sean |
Posted - Oct 28 2010 : 10:49:17 AM
We have received the following from Microsoft Malware Protection Center:
"Based on our investigation results, we believe that we have resolved your question relating to Visual Assist X. The definition library for Microsoft's anti-malware products will be updated shortly to reflect this change. Customers that subscribe to Auto Update will automatically get the update to the definition library. We will send you a follow-up e-mail once the change to the definition library is confirmed."
I will post when we receive the change confirmation.
|
| sean |
Posted - Oct 28 2010 : 01:41:10 AM
So far, only the Microsoft tools identify VA_X.dll as some sort of malware:
http://www.virustotal.com/file-scan/report.html?id=f1cdccd072acc819c87e6254d2e3b2a954a4f23461e5952308e38720fbe867b4-1288230838
We've also confirmed that the latest definitions flag 1832 and 1828 with the same issue. We are leaning towards false positive and have restored the 1833 download. A false positive report has been filed ( http://www.microsoft.com/security/portal/Shared/VendorFP.aspx ). |
| sean |
Posted - Oct 28 2010 : 12:02:47 AM
Yes - we have received several reports of this. It appears this is being triggered by the most recent definition update. We have removed the 1833 download until we can get confirmation from MS. |
| ub3rst4r |
Posted - Oct 27 2010 : 11:23:34 PM
I opened my visual studio as well today to find MS Security Essentials giving a false positive. Exclude it by opening MS Security Essentials -> Settings Tab -> Excluded files and locations -> Add... and then locate VA_X.dll. I also sent it to MS so they can review it. |
| mht |
Posted - Oct 27 2010 : 11:18:49 PM
Yes, me too.
Windows 7 64-bit
Microsoft Security Essentials definitions updated on 10/27/2010,
Virus definitions version: 1.93.562.0
Spyware definitions version: 1.93.562.0
|
| dstanfill |
Posted - Oct 27 2010 : 10:59:35 PM
Yes, I am seeing the exact same thing. Tough choice whether to do with VAX until it is sorted or risk actual harm... Hopefully someone will post some info soon? |
