Our software components are scanned by multiple antivirus scanners before being packaged.
The wmi providers msi is then digitally signed as well as all DLLs and EXEs.
Does the wmi providers msi show a valid digital signature?
Does the WUAProvider.exe show a valid digital signature?
It may be a false positive.
We will re-scan the packages and content to insure there are no issues.
Thank you for submitting the file to F-Secure for analysis.
Please let us know if a newer AV DB corrects the issue.
We use 3 AV scanners:
None of these AV scanners detect any viruses.
We began seeing this false positive after Symantec released their latest definitions on January 5th. Have you done a scan recently? We submitted the file to Symantec and they confirmed that it was not a virus of course.
Before we knew Symantec was causing an issue we attempted to connect to some computers via EminentWare using the computer explorer tool to look at the Windows Update History. As a result the computers became corrupted forcing us to do a system restore to bring them back to a working state. We confirmed that the EminentWare providers caused an issue by looking at the system logs on the affected computers. Not all computers were corrupted when connected to though and we are unclear if Symantec is playing a role. We have so far been unable to replicate this issue in our lab however we do know that the process of provisioning the wmi providers on those machines was a problem. Any ideas or thoughts on how or why this could happen? At this point we have stopped using EminentWare computer explorer tools until we can figure out for sure what's happening.
We're continuing to research the issue in an attempt to gain further insight.