Tuesday, February 23, 2010

CA Internet Security Suite Win32/ASuspect False Positive

Win32/ASuspect is the latest message users of CA Internet Security Suite are seeing beginning last night February 22nd 2010.

CA is reporting wuweb.dll as a Win32/ASuspect Trojan and automatically placing it in quarantine. This file is part of Windows Update process which is now failing to execute.

I support several customers using CA Internet Security Suite and all have reported seeing this error message. I've done some checking on the web and CA Support forums have lit up like a christmas tree. However because I'm a cautious man I submitted a copy of quarantined wuweb.dll to virustotal.com and as expected results came back clean.

Looks like we have another case of CA False Positive. I'm sure CA will fix this quickly by pushing out new signatures however what worries me is the frequency because CA had a case of false positive last year in 2009 and secondly I'm not seeing much about this on their website. As a good corporate citizen I think CA should be informing their customers about such problems quickly. Consultants such as myself get these frantic phone calls from clients; then we spend our valuable time investigating such matters only to find its a false positive. It would save me much headache if CA could post a message to their Forum or website.

Come on CA I expect better from you.

1 comment: