BLM and tcpip.sys patch FP's

Version 477 (XP SP3+ x86)

File: BLMInstall277.exe (BlockList Manager)
Name: Unclassified Malware@8800800
Url: http://blocklistpro.com/download-center/blocklist-manager/
DB: 1030
Heuristics Scanning/Level: Low

File: EvID4226Patch.exe (to change the half-open TCP limit from 10 …….)
Name: ApplicUnsafe.Win32.Tool.EvID4226@89206
Url: www.LvlLord.de - Tipps, Tricks & Utilities - Downloads
DB: 1030
Heuristics Scanning/Level: Low

Both of these files/functions have been out there for years and are used by many users. For years there have been discussions on the internet about whether they are malware or not. Previously they were indicated as malware by many AV vendors (i.e. NOD32) but have been accepted, and so should CIS, I think.

Hi schakan,

Thanks for reporting.
FYI: “Application/ApplicUnsafe/ApplicUnwnt” are keywords used to indicate that the sample is a potentially unwanted/dangerous application.

Users can use those applications at their own risk.

We are not terming those applications as virus/malware.

So we would change the detection name of BLM (Unclassified malware) to Potentially dangerous Application.

Thanks and Regards,
Suresh.

Hi Suresh

Ok, I see. Thanks for the info.

Hakan