Trend Micro of OfficeScan found out that the Microsoft official website was regulated as a malicious code / malware distribution site


ByAndreas Solberg

I misunderstood the URL occurred and what I got strange It turned out that there was an outrageous mistake that the Microsoft official website could not regulate and you could not connect to the Microsoft official website and on the contrary WindowsUpdate could not be done and fail.

Support information: Trend Micro
http://www.trendmicro.co.jp/support/news.asp?id=1880

The address registered incorrectly is "http://*microsoft.comIt seems to be caused by trying to restrict the malware distribution site of the domain like the official site of Microsoft probably at the same time.

Therefore, the category when regulated is "Distribution of malicious code"Malware"It has become a form which made a mistake not to be pretty sharp to Microsoft who is a Windows developer.

Details are as follows.

I have confirmed the occurrence of the URL misregistration in InterScan Webmanager (hereinafter referred to as ISWM).

■ Incorrect registration URL

http://*microsoft.com

■ Mistaken registration category

ISWM 6.5 / 7.0 [Security · Proxy] - [Distribute illegal code]

ISWM 8.0 [Security] - [Malware]

■ Correspondence situation

Regarding this false warning, categorization is done again with the following URL database.

After 2012122503

Influence range

A block screen is displayed when connecting to the corresponding URL and connection can not be made.
Also, because WindowsUpdate's connection destination is regulated in the same way, there is a possibility that the update failed.

■ How to deal with products

We have delivered the URL database which changed the category already.
Interscan WebManager It is possible to connect normally by reconnecting after downloading the database from [System management] - [Download setting] in the management console.

We apologize for any inconvenience caused by incorrect registration of our product category.

previousThe OfficeScan erroneously detected the download of "Tsukuru Tsukuru" and blocked the phrase, and the author showed "Confirming that it is related to online fraud" and protests protestedThere are various twists and turns when doing, eventually"Fiddling with Tsukuru" Author makes rage to the block of OfficeScan, decides to stop updating until Trend Micro correspondsFurthermore, on October 6, 2012, we declared a software update pause, and as of December 21, it was taken up in the Yomiuri Shimbun as follows.

"Fraud" on healthy sites, frequent false detection of countermeasures software: Society: YOMIURI ONLINE (Yomiuri Shimbun)
http://www.yomiuri.co.jp/national/news/20121221-OYT1T00817.htm

"No matter how many times we make a complaint, we can not improve it, I am tired." System engineer Takuya Yabuki (33) in Saitama City stopped offering free software for October, which has been running for over 10 years. Mr. Yabuki's website, which developed software that enhances the processing power of personal computers, was popular enough that tens of thousands of items were downloaded every month.

However, as from May this year, as inquiries such as "I was warned that" a fraudulent website "was warned" in a sudden manner. Since both were warnings of the same antivirus software, we contacted the manufacturer and found out false detection. Although "fraud designation" was canceled, erroneous detection was repeated more than 10 times afterwards. The cause of erroneous detection has not been explained yet. Mr. Yabuki sighed, "I lost the trust of the user".

This issue has been taken up as a big article that uses half of the evening paper of the Yomiuri Shimbun as well as articles on the Internet,Trend Micro's OfficeSec error detection problem literally becoming a newspaperIt is a result.

As major partners like Microsoft are dealing with haste like this time, I would like some sort of false detection around here.

in Note,   Software, Posted by darkhorse