Cannot add false positive mswsock.dll to exceptions

Hello!

I just update CIS to 4.0…828. After this CIS has some false positives, that does not have before, f.e. C:\WINDOWS\SYSTEM32\mswsock.dll. I added this file to exceptions and to safe files, but alert appears again and again. My OS is WinXP Professional SP3 Russian.

Regards, Oleg

Could you please append a screenshot of the alert? And add the other information requested above for bug reports?

Take care in case this is malware

Also please check the file by using Start ~ Run ~ & typing in sigverif.exe. This will check the folder it’s in for unsigned files. If it’s unsigned or has a corrupt signature then you may have a problem.

Best wishes

Mouse.

Please report these files as false positives here:

If they are false positives then they will be quickly removed from the database.

If they’re not then you’ll know that you shouldn’t be adding an exception for them. They’ll usually let you know within a few hours whether they’re malicious or not.

Mouse, Chiron! Thanks for your help.
I send this file to Comodo as false positives and after virus signatures update the problem with this file does not exist. But the real problem was that I could not add this file to exceptions yesterday. After virus alert I choose ‘Add to exceptions’ but virus alert on this file appeared again and again. I repeated this several times but it did not help. I looked at antivirus exceptions and there were several c:\windows\system32\mswsock.dll instances. I had to disable antivirus. This is really strange. But now after virus signature update all is ok.

Maybe someone will be able to reproduce this behaviour on another file.

Regards, Oleg

I’m not as familiar with the AV side, so I’ll let someone else pursue this. My guess is that heuristics keeps finding a problem, and this is not over-ruled by MS code signing, possibly due to some problem with the Windows catalogue in your (Russian) version of Windows.

Best wishes

Mouse