Kaspersky flags TCPIP.SYS as Malware
One of our readers has alerted us to the fact that Kaspersky AV has identified tcpip.sys as malware on his Windows 7 32-bit hosts. The file is flagged as "HEUR:Trojan.Win32.Generic".
Fortunately, Microsoft's Windows File Protection feature (http://support.microsoft.com/kb/222193) prevented it from quarantining this critical file, but his end users were all treated to the error message (both from the AV and from the OS, I'm guessing).
His version of Kaspersky is the OEM Checkpoint version, but it appears to be a Kaspersky issue, not Checkpoint specific.
Kaspersky has verified (https://twitter.com/kaspersky/status/393777843341393920) that this is resolved in their latest update. If you're seeing this issue, get your AV to "phone home" for the fix!
===============
Rob VandenBrink
Metafore
Comments
Anonymous
Oct 25th 2013
There's really no reason in the world it ought to be possible to have a false positive on TCPIP.SYS; the crypto hash of the legitimate versions of the file should be well-known by now.
Anonymous
Oct 25th 2013
Temporary solution:
1. Do not restart the computer.
2. Restore tcpip.sys from quarantine folder.
3. Create exclusion rule for "C:\Windows\System32\drivers\tcpip.sys"