Scanning Loop..

  • CPU: 32-bit
  • OS: Windows XP SP3
  • Actively-running security and utility applications: CIS & SuperAntiSpyware Pro
    Brief description of your Defense+ and Firewall+ mode: (AV=Stateful, Firewall=costum, Defense+=Paranoid, and Image Execution control settings=agressive)
  • Administrator account
  • CIS 3.9.76924.507
  • CIS database number: 1162
  • heuristics: high

I were scanning my computer once. ignored the threats found. (added them to exclusion list).
I then removed them from the exclusion list and then scanned again…

This time it did Keep scanning, (i think it did keep scanning the windows folder, over and over.) I stopped it, as it start detecting the files for the 3rd time, in 1 scan.

[attachment deleted by admin]

Just tried to reboot, it did finish the scan this time, but found the threats 2 times…

[attachment deleted by admin]

what are your heuristics set to?

High, but the scanning were fine yesterday.
I didn’t have this problem before the update to CIS today, after the release yesterday.
So i don’t know if that’s the reason.

I only discovered this because i wanted to check if the FP’s had been fixed.

But just did a clean install again, and hoping it will help.
I only do first scan now though, to see if it helped…

And will try to reproduce the problem, by adding threats to excluded items, removing them, and scanning again…

Other wise i have no clue why it acted like it did…

please keep heuristics to low or at most medium. The ones right now are very prone to FP that is the reason why I don’t recommend high. Use the signatures as your main detection set.

When I research new malware I always keep mine set to low, that way a new signature gets created and people don’t have to mess with the AV settings.

-and it is a bug.

Btw here is how it should be, same settings. i just reinstalled…

[attachment deleted by admin]

I could not reproduce it…

Did a full scan where i added the treats to exclusion.
then did 2-3 where i just scanned the system32 folder where i added them to exclusion.
And then did a full scan again…