High severity signatures firing during benign URL analysis in IE 7 #252

Open
seanthegeek opened this issue Jan 20, 2019 · 2 comments

@seanthegeek
Contributor

When analyzing various benign URLs in IE on Windows 7:

  • example.com
  • google.com

The following high severity signatures fired, which raised the MalScore to malicious levels:

  • creates_largekey
    regkeyval: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCache
  • stack_pivot
    process: explorer.exe:1288

Ideally, the MalScore should be in the benign range.

@kevoreilly
Contributor

Perhaps this could be resolved by updating the signatures with an exclusion list of process names or similar to get it to ignore IE?

@seanthegeek
Contributor Author

Can the signatures get the full path of the process instead of the process name? That would be safer.

That could also solve the PDF false positive.
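
The two exclusion approaches discussed in this thread, compared side by side in an added example that is not part of the issue or the project's code. The `name` and `image_path` fields, the allowlists, and every sample hit except the `explorer.exe:1288` process are constructed for illustration.

```python
import ntpath

# Hypothetical allowlists: names for the first proposal, full image paths
# (stored lowercase) for the second.
EXCLUDED_NAMES = {"explorer.exe", "iexplore.exe"}
EXCLUDED_PATHS = {
    r"c:\windows\explorer.exe",
    r"c:\program files\internet explorer\iexplore.exe",
}

def normalize(path):
    """Canonicalise a Windows path so equivalent spellings compare equal."""
    if not path:
        return ""
    if path.startswith("\\\\?\\"):  # drop the \\?\ long-path prefix
        path = path[4:]
    # normpath collapses ".." and "/" ; normcase lowercases
    return ntpath.normcase(ntpath.normpath(path))

def excluded_by_name(proc):
    return proc.get("name", "").lower() in EXCLUDED_NAMES

def excluded_by_path(proc):
    # A missing path normalises to "" and is never excluded, so the hit stays.
    return normalize(proc.get("image_path")) in EXCLUDED_PATHS

def remaining_pids(hits, is_excluded):
    """PIDs whose signature hits survive the exclusion check."""
    return [h["process"]["pid"] for h in hits if not is_excluded(h["process"])]

# Constructed signature hits; only the process name is shared between them.
SAMPLE_HITS = [
    {"signature": "stack_pivot", "process": {
        "name": "explorer.exe", "pid": 1288,
        "image_path": r"C:\Windows\explorer.exe"}},
    {"signature": "stack_pivot", "process": {
        "name": "explorer.exe", "pid": 2040,
        "image_path": r"C:\Users\user\AppData\Local\Temp\explorer.exe"}},
    {"signature": "stack_pivot", "process": {
        "name": "iexplore.exe", "pid": 3012,
        "image_path": "\\\\?\\C:\\Program Files\\Internet Explorer\\..\\"
                      "Internet Explorer\\IEXPLORE.EXE"}},
    {"signature": "stack_pivot", "process": {
        "name": "explorer.exe", "pid": 3100}},  # no image path recorded
]

if __name__ == "__main__":
    print("name-based :", remaining_pids(SAMPLE_HITS, excluded_by_name))
    print("path-based :", remaining_pids(SAMPLE_HITS, excluded_by_path))
```

With name matching every hit is suppressed, including the same-named binary running from a temp directory; with full-path matching only the two system binaries are ignored.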
