You are seeing multiple detections for SecurityRisk.OrphanInf in scan logs beginning on or around May 9th or 10th, 2011.
Update August 1st, 2011:
This signature will be re-enabled in definitions of August 2nd, 2011.
Update: This signature has been temporarily disabled via a data change due to some incompatibilities discovered in field. This will allow us to investigate further, identify root cause for the incompatibility, and determine the appropriate solution.
This change was included in definitions 5/13/2011 rev. 37 and beyond.
Detection for orphaned autorun files was included as part of the Eraser Engine update that went out in Multiple Daily Definitions May 9 and will be in May 10 Daily Certified Definitions.
Details: Scans for orphaned autorun files will be performed during quickscans. If an autorun.inf file in a root directory does not reference a valid file path in a launch point, it will trigger a detection with the name of “SecurityRisk.OrphanInf”. Remediation will consist of deleting the autorun.inf file and will not require a reboot.
Imported Document ID: TECH159738
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.