The Internet Security Suites Blog

Monday, September 04, 2006

CA Internet Security Software Flags Windows Component as Virus

Computer Associates (CA) caused some headaches this week after its antivirus and internet security suite software inadvertently flagged component of the Windows OS as malware.

A spokesman for the security vendor told that the error followed an incorrect update of the application's antivirus signature file, causing it to remove or isolate a file named 'Lsass.exe'. The company released an update for its antivirus signature file within seven hours.

The Lsass.exe process is part of Windows' security mechanism. So users who had set their eTrust Antivirus and Internt Security Suite to automatically remove malicious software may have found that their systems crashed and were unable to boot up Windows once Lsass.exe was removed.

It’s not uncommon to see false positives in AV and anti-spyware software … for example, Sophos mistakenly claimed that few Microsoft Office and Adobe Acrobat Reader components on systems running Mac OS X were infected with the Inqtana virus. Last July Symantec detected the the Zlob Trojan in the Nullsoft Scriptable Install System tool. And Microsoft Anti-Spyware IDed some components of Symantec' Norton Antivirus as malware.

The biggest trouble for the CA Customer Service is that new AV signatures aren’t going to fix those issues for users who downloaded the update files.

Anti Spam Review
Internet Security Settings
ID Theft Protection


Post a Comment

<< Home