XP SP3 triggers false positives in security apps

Scott dunn By Scott Dunn

Installing Windows XP Service Pack 3 can cause your anti-malware programs to report the presence of Trojans and keyloggers that aren’t there.

The false positives have blocked important system files in some cases, and in others they have misled users into reinstalling XP.


SP3 causes some malware scanners to cry “wolf”

Comments on a PC Tools forum confirm customer reports that the company’s Spyware Doctor program generates a false positive on systems with Windows XP SP3.

Similarly, at least one site claims that Symantec’s Norton Internet Security software identifies a common system file as a keylogger.

ReviewSaurus reports that XP SP3 causes Norton Internet Security to identify ctfmon.exe as a keylogger (a kind of malware that records your keystrokes to capture passwords and other important data).

In reality, the ctfmon.exe file in your WindowsSystem32 folder is a Microsoft system file that enables alternative input methods such as speech, tablet, or on-screen keyboard.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.



= Paid content

All Windows Secrets articles posted on 2008-05-22: