since yesterday i’m receiving reports from several places where i installed CIS about a virus who got stuck in their computers and disabled internet access.
i’ve entered through UltraVNC 1.0.2 (btw winvnc.exe + vnchooks.dll are also false positives) so they have Internet. I’ve got a careful look in their event viewer and saw that 2 Internet Explorer dll’s, ieproxy.dll and xpshims.dll were blocked and classified as “UnclassifiedMalware”.
We verified them and ieproxy.dll & xpshims.dll were found as being false-positives. A fix is already live with DB 3580.
Both winvnc.exe & vnchooks.dll are potentially unsafe applications, therefore detection was not modified. If you want to use them further, you can add them to CIS exclusion list.