SAV False Positive in Resource Kit Utility

This evening after the latest SAV update, I’m seeing detections on all of my systems with the Windows Resource Kit installed. The files instsrv.exe and srvany.exe are detected as Hacktool.
Both files are used when creating a service.
We’ll see if they back off this detection, or if it will be yet another thing we have to whitelist (and whitelisting doesn’t work so well in the version of SAV I am running. Vendors need to do a better job being flexible about potentially unwanted programs.
update – received an email from symantec
From: [email protected] [mailto:[email protected]]
Sent: Friday, June 22, 2007 10:07 PM
Subject: Symantec Security Response will post LiveUpdate virus definitions today, June 22, 2007 PDT
This posting is in response to a false positive detection on the file srvany.exe from Microsoft’s Resource Kit. This FP was first released in Rapid Release definitions 70045 and later in the 6/22/2007 rev.33 Intelligent Updater and LiveUpdate definitions. The false positive has been corrected from Rapid Release definitions #70065. Anadditional message will be sent approximately 30 minutes before the LiveUpdate virus definitions are available for download.

One Comment

Comments are closed.