SAV false positive in blindman.exe

Symantec Antivirus (SAV) is detecting a component of Spybot Search and Destroy as a Trojan Horse. This detection seems to have started with the latest AV definition updates (5/30). The file is blindman.exe.
According to the Safer Networking site, this file does nothing. It is used to prevent the boot delay caused by their method of disabling unwanted autorun items.
**update** – Symantec has announced that they will be releasing an update to fix this false positive this evening. It's already available in Rapid Release if you need that now.

2 Comments

  1. Hey, it would be nice if you linked to the Symantec announcement. You are the only place I can find this information on the web. I can find no reference to this @ symantec at all. I sure WANT to believe you but can you attribute your sources?

  2. Symantec’s announcement came in an email. Not sure which subscription this is, it looks like a release notification email:
    -----Original Message-----
    From: [email protected] [mailto:[email protected]]
    Sent: Wednesday, May 30, 2007 9:12 PM
    To: [email protected]
    Subject: Symantec Security Response will post LiveUpdate virus definitions today, May 30, 2007 PDT
    This posting is in response to a false positive detection on the file
    blindman.exe, part of the Spybot Search & Destroy application. This FP was
    first released in the 5/30/2007 rev.20 Intelligent Updater and LiveUpdate
    definitions, and was corrected from Rapid Release definitions #69173. An
    additional message will be sent approximately 30 minutes before the
    LiveUpdate virus definitions are available for download.
    ----------
    For additional information, visit our website at
    http://securityresponse.symantec.com
    The SANS Internet Storm Center has now posted about this issue as well.
    http://isc.sans.org/diary.html?storyid=2897
