Autoback.exe False Positive

Autoback.exe causes a CAV prompt when it attempts to make a registry backup. This file is part of Erunt and is launched at bootup. It makes a backup copy of the system registry. The file is only detected by CAV when it is launched. CAV doesn’t prompt when manually scanning autoback.exe. I get the prompt when the system boots and autoback.exe attempts the registry backup. A shortcut for autoback.exe is placed in the Startup folder in the Start Menu. Adding autoback.exe to my Exclusions list bypasses the CAV prompt, but I shouldn’t have to have it in my list. Thus, I consider it a false positive. Screenshot and files attached.

Homepage: http://www.larshederer.homepage.t-online.de/erunt/

CIS 3.11.108364.552 CFP, CAV and D+ enabled in Safe Mode and On Access
Database 2155
No other realtime security software
WinXP Pro SP3

[attachment deleted by admin]

Hi L.A.R. Grizzly,

We are going to have a look at it and will get back to you after investigation.

Thanks and Regards,
hailong.■■■■

Hi L.A.R. Grizzly,

The reported FP has been fixed in DB 2157.
Please verify with latest update.

Regards,
-Chandra Mohan

The FP has not been fixed on my system. I still get the prompt at bootup.

Database: 2162

Hello,

Thank you for informing us about this situation. We will investigate and get back to you.

Regards,
Sonia Botezatu.

You haven’t answered back in this thread, but you may have fixed the FP. I haven’t had a prompt in the last two days. Did you figure out a solution?

Current Database: 2183

Hello,

We are still encountering a few problems in resolving this issue. When it will be fully solved we will let you know.

Regards,
Sonia Botezatu

OK, thanks. I’ll try to be more patient. :-\

Just keeping you up-to-date. Today was the first time I received a prompt since my last post. As usual, I got the prompt at bootup.

DB: 2207

Hello,

The false positive has been fixed. Please upgrade to virus DB 2402 of CIS 3.12.111745.560 and confirm.

Regards,
Sonia Botezatu.

As a matter of fact, I haven’t received a prompt since upgrading to 3.12.111745.560. If I get one in the future, I’ll post back. Thanks for looking into this!
(V)