Weird FP

Hey all, I am testing a new AV and got some weird FPs on some files. It also looks like CCE is now able to scan registry keys. Since when? This is new to me.

What’s new in CCE 2.4.225190.192?

NEW! Add more system/process information to KillSwitch, including disk IO, network IO, GPU, .Net Assembly, etc.
NEW! Scan for abnormal system settings in CCE
IMPROVED! Detect and clean tdss boot partitions
IMPROVED! Enhanced Windows system file repair
IMPROVED! Clean remnants of viruses and rootkits from certain registry locations as well
IMPROVED! Added detection for files signed with weak Authenticode signatures.
IMPROVED! Defense CCE applications against global hook.
FIXED! Autorun Analyzer crashes under certain circumstance.

Changelog of the latest version.

Well, it never seemed to work before, but it now looks like it does. Cool.

It worked.

It works this way: when a malicious file is found, CCE looks in the registry for keys connected with that file. CCE doesn’t have signatures of malicious registry keys; it just marks the keys that are connected with the infected file (mostly autorun keys).
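
The lookup described in the last post, as an added Python sketch that is not part of the thread and not CCE's own code: given files a scanner has already flagged, it lists the autorun values whose command line points at one of them. The autorun entries, environment values and function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample data: (key, value name, command line) as an autorun dump might list them.
AUTORUNS = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r'"C:\Users\bob\AppData\Roaming\upd\svch0st.exe" /silent'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Helper",
     r"rundll32.exe %APPDATA%\upd\..\upd\helper.dll,Start"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
     r"%windir%\system32\SecurityHealthSystray.exe"),
]
# Constructed environment used to expand %VAR% references offline.
ENV = {"appdata": r"C:\Users\bob\AppData\Roaming", "windir": r"C:\Windows"}

def normalize(path):
    """Collapse '..', unify slashes and lowercase, so equal Windows paths compare equal."""
    return ntpath.normcase(ntpath.normpath(path))

def expand(text, env):
    """Expand %VAR% case-insensitively; unknown variables are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), text)

def candidate_paths(command, env):
    """Yield normalized path-like tokens from an autorun command line.

    Quoted strings are taken whole; bare tokens are split on whitespace, so an
    unquoted path containing spaces is not recognized by this sketch.
    """
    for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', expand(command, env)):
        # Drop a rundll32-style ",ExportName" suffix before comparing.
        yield normalize((quoted or bare).split(",")[0])

def linked_keys(flagged_files, autoruns, env):
    """Return (key, value name) pairs whose command references a flagged file.

    No registry signatures are involved: a value is marked only because it
    points at a file that was already detected.
    """
    flagged = {normalize(f) for f in flagged_files}
    return [(key, name) for key, name, cmd in autoruns
            if flagged & set(candidate_paths(cmd, env))]

if __name__ == "__main__":
    for hit in linked_keys([r"C:\Users\bob\AppData\Roaming\upd\svch0st.exe"], AUTORUNS, ENV):
        print(hit)
```
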