#2
Microsoft Security Essentials flagged dbserv11.dll as a problem file and quarantined the file (moved the file). The description is shown below. Is this a false positive or does this file have a history of being infected/replaced by malware? When I go to the Microsoft site to get additional info, there is not much said except the first report is 10/9. I think this flag is a false positive but I wanted to get any additional info and alert others of this situation if this is a false positive.

------------------------------------------------------------
VirTool:win32/Obfucator.GY
Category: Tool
Description: This program is used to create viruses, worms or other malware.
Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Program Files\SQL Anywhere 11\Bin32\dbserv11.dll
shareddll:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files\SQL Anywhere 11\Bin32\dbserv11.dll
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files\SQL Anywhere 11\Bin32\dbserv11.dll

Get more information about this item online.
#3
Hi Jake,

I would say that this should be a 'false positive', assuming this file is still 'original software.' dbserv11.dll contains the main database server functionality and should not be 'creating viruses, worms or other malware'.

That said, I'm assuming that the file hasn't been infected by an actual virus and that an MD5 hash on the file matches the production MD5 from our distributions. Which version and build of 11 are you running? (dbsrv11 -v) I'll post the MD5 hash of the file that we have in-house so you can double-check that your file is the correct copy also.

Once we can confirm that the file is original software, we'll see what we can do to speak with Microsoft about their virus flagging algorithm in Security Essentials.

Cheers,

Bigger Jake wrote:

Microsoft Security Essentials flagged dbserv11.dll as a problem file and quarantined the file (moved the file). The description is shown below. Is this a false positive or does this file have a history of being infected/replaced by malware? When I go to the Microsoft site to get additional info, there is not much said except the first report is 10/9. I think this flag is a false positive but I wanted to get any additional info and alert others of this situation if this is a false positive.

------------------------------------------------------------
VirTool:win32/Obfucator.GY
Category: Tool
Description: This program is used to create viruses, worms or other malware.
Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Program Files\SQL Anywhere 11\Bin32\dbserv11.dll
shareddll:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files\SQL Anywhere 11\Bin32\dbserv11.dll
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files\SQL Anywhere 11\Bin32\dbserv11.dll

Get more information about this item online.

--
Jeff Albion, Sybase iAnywhere
iAnywhere Developer Community : http://www.sybase.com/developer/libr...ere-techcorner
iAnywhere Documentation : http://www.ianywhere.com/developer/product_manuals
SQL Anywhere Patches and EBFs : http://downloads.sybase.com/swd/summ...&timeframe=0
Report a Bug/Open a Case : http://case-express.sybase.com/cx/
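
The check described in the reply above (confirm the build, then compare the local file's MD5 with the vendor's copy), written out as an added PowerShell example; it is not part of the original thread and not Sybase tooling. The function name Test-FlaggedFile is hypothetical, and the vendor hash is a placeholder because no hash was posted in the thread.

```powershell
# Added example: triage a file that antivirus flagged, before deciding
# whether the detection is a false positive. Run after the file has been
# restored from quarantine, or against a copy taken from it.
param(
    [string]$Path = 'C:\Program Files\SQL Anywhere 11\Bin32\dbserv11.dll',
    # Placeholder: paste the MD5 the vendor supplies for your exact build.
    [string]$VendorMd5 = '<MD5-FROM-VENDOR>'
)

function Test-FlaggedFile {
    param([string]$Path, [string]$VendorMd5)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (still in quarantine?): $Path"
    }

    $item   = Get-Item -LiteralPath $Path
    $md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    # MD5 is what the thread mentions; SHA-256 is printed as well so the
    # stronger hash can be compared if the vendor can provide one.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path

    # Accept hashes pasted with spaces, dashes or mixed case.
    $expected = ($VendorMd5 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $match = if ($expected.Length -eq 32) { $md5 -eq $expected } else { $null }

    [pscustomobject]@{
        Path             = $item.FullName
        FileVersion      = $item.VersionInfo.FileVersion   # build to report to the vendor
        MD5              = $md5
        SHA256           = $sha256
        MatchesVendorMd5 = $match                          # $null = no usable vendor hash given
        # Assumption: the DLL may or may not be Authenticode-signed; the
        # status is reported as found, not required to be Valid.
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

$result = Test-FlaggedFile -Path $Path -VendorMd5 $VendorMd5
$result | Format-List
if ($result.MatchesVendorMd5 -eq $false) {
    Write-Warning 'MD5 differs from the vendor value: treat the file as modified, not as a false positive.'
}
```

A match only means the file is the one the vendor shipped for that build, so the FileVersion in the output has to correspond to the build the vendor hash was taken from.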
#4
The file version number came up: 11.0.0.1264.

Actually, I think the problem was solved in an updated release of the signature file for Security Essentials. I had Security Essentials place the file and registry entries back and then ran an updated scan which did not detect a problem. This was after several days of updates were applied and I ran scans with several other tools which came up negative.

When the problem first occurred, I allowed Security Essentials to send the threat information to Microsoft for analysis. I think one of the updates corrected the problem.