XP SP3 triggers false positives in security apps

Scott dunn
By Scott Dunn

Installing Windows XP Service Pack 3 can cause your anti-malware programs to report the presence of Trojans and keyloggers that aren’t there.

The false positives have blocked important system files in some cases, and in others they have misled users into reinstalling XP.


SP3 causes some malware scanners to cry “wolf”

Comments on a PC Tools forum confirm customer reports that the company’s Spyware Doctor program generates a false positive on systems with Windows XP SP3.

Similarly, at least one site claims that Symantec’s Norton Internet Security software identifies a common system file as a keylogger.

ReviewSaurus reports that XP SP3 causes Norton Internet Security to identify ctfmon.exe as a keylogger (a kind of malware that records your keystrokes to capture passwords and other important data).

In reality, the ctfmon.exe file in your WindowsSystem32 folder is a Microsoft system file that enables alternative input methods such as speech, tablet, or on-screen keyboard.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.



Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 10, Windows 8, Windows 7, Firefox, Internet Explorer, Google, etc. Join our 460,000 subscribers!

Enter your email above to receive messages about offerings by Penton, its brands, affiliates and/or third-party partners, consistent with Penton's Privacy Policy.
The Windows 7, Vol 3 (Excerpt)

Subscribe and get our monthly bonuses - free!

The Windows 7 Guide, Volume 3: Advanced maintenance and troubleshooting provides advanced tools for keeping Microsoft's premier operating system up and running smoothly. Get this excerpt and other 4 bonuses if you subscribe FREE now!

= Paid content

All Windows Secrets articles posted on 2008-05-22: