Microsoft Antispyware false positive pooches SAV


Looks like I should blog this since Chris Mosby is linking over here (thanks for the linkage, Chris). I posted about it on the myitforum.com antivirus discussion list rather than posting here so I could see what others were seeing.

A blog entry by tech reporter Brian Krebs notes that Microsoft Antispyware (MSAS) is tagging (or has tagged) Symantec Antivirus as a keystroke logger. If you then follow the MSAS removal prompt, you'll remove enough of your SAV client that it won't work anymore.

The source of these reports is the Microsoft Antispyware newsgroups; I haven't seen anything on the Symantec or Microsoft websites about this. Apparently the problem was with the 2/10 definitions. Newer definitions are available.

One interesting thing from the comments in the MS newsgroup: they have had problems in the beta with deploying Microsoft Antispyware updates. Caching servers are really causing a problem.

If this has happened to you, your best bet is probably an uninstall and reinstall. I don't know if restoring from Quarantine will work in this case. Time to go check on the status of systems in my enterprise to see if any have had this problem.

[UPDATE]:
Techworld reports that this affects pretty much all of SCS and SAV Corporate Edition. That makes sense, since it is detecting something in the LANDesk registry key that SAV stores all its stuff in.


This page contains a single entry by Roger published on February 13, 2006 11:19 AM.
