Ian-OG writes "Following the recent IDE updates that flagged the CCleaner system optimization application as malware, Sophos have now confirmed that this application is safe, though they have stopped short of saying that the initial detection was down to a false-positive created by the recent IDE updates.
Instead, the ccleaner.exe file is said to exhibit activity or features common to known malware, which includes downloading files from the Internet (in this case they would be the updates that are occasionally released), plus that it modifies the Registry (the run-on-startup entry, for example).
It remains to be seen if a future IDE update will correct the initial analysis of CCleaner. Until that happens, Sophos quarantines both the ccleaner.exe file and the Run-on-startup Registry entry.
Users must either authorize the program locally (if permitted by their administrators - the local SAV console can be restricted for non-admin users), or wait for/persuade their Network Managers to authorize CCleaner via the Enterprise Console (see Sophos article 25227.html for details). Once these instructions are followed, the application will run once more, although it will still show in the Quarantine list until manually removed.
============================
Thank you for contacting Sophos.
The sample e-mail you have sent in for analysis does not contain viral file(s).
The application detected as Sus/Behav-1001 is clean and can be authorized.
See instructions on handling Suspicious Behaviour with Sophos Antivirus Application Control at the link below, under the Recovery section:
http://www.sophos.com/support/knowledgebase/article/23949.html
============================
This news follows on from http://www.castlecops.com/a6809-Sophos_Antivirus_flags_CCleaner_as_malware.html
"
Posted on Monday, 13 August 2007 @ 22:40:02 UTC by PCBruiser