Posted By: dot_matrix
MS Security Essentials kills Zorro as it is recognized as trojan - 03/22/18 09:07
After the last virus definition update from Microsoft for the Security Essentials package, Zorro (v. 1.74) gets killed with the notification "severe threat", Trojan:Win32/Azden.A!cl.
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aWin32%2fAzden.A!cl&threatid=2147718745&enterprise=0
Zorro Real running on a Windows 2008R2 Server.
Anyone having similar issues?
Posted By: jcl
Re: MS Security Essentials kills Zorro as it is recognized as trojan - 03/22/18 09:17
First check if your PC is really infected. For this you can submit Zorro.exe to a scan service like
https://www.virustotal.com. If your PC is infected, please stop all work, reboot it from clean media, and run a thorough virus check with a serious tool (not Security Essentials). Then download and install Zorro again.
- Update: We got similar reports from other users and have informed Microsoft of this incident.
Posted By: dot_matrix
Re: MS Security Essentials kills Zorro as it is recognized as trojan - 03/22/18 09:31
Thanks for the fast reply.
I re-installed Zorro several times and Zorro.exe was immediately eliminated by MS Security Essentials. However, checking Zorro.exe with Jotti's malware scanner, only one showed "something" (ClamAV, PUA.Win.Packer.Upx-48), all other engines reported nothing.
Repeated as suggested with VirusTotal. With one exception (Cylance, Webroot, W32.Malware.Gen) all others reported nothing.
Posted By: jcl
Re: MS Security Essentials kills Zorro as it is recognized as trojan - 03/22/18 09:36
We now have official confirmation from Microsoft that Zorro 1.74 contains no malware. Hopefully they fix their virus defender signatures soon.
Until then, I suppose you can enter exclusions in the Security Essentials configuration:
https://docs.microsoft.com/de-de/windows...tection-history
Posted By: dot_matrix
Re: MS Security Essentials kills Zorro as it is recognized as trojan - 03/22/18 09:42
Thanks a lot.
Yes, the exception for the folder was the first thing I did, since it looked to me like this is an automatically generated false alarm. So much for heuristics.
That's why I checked back here.