SPTD triggers Antimalware warnings

[Kai Fieabach]

I just wasted half of a day with Antimalware support because of Powerarchiver.

After installing the Microsoft Security Essentials (MSE), with each boot MSE logs the following warning:
Name: Behavior/ModifiedKernel
ID: 2790572135
Description: http://go.microsoft.com/fwlink/?link...tid=4294967289

With this, MSE also logs a random filename in the shape of "sp??.sys" that DOES NOT EXIST on the system, like "spco.sys" or "spla.sys". This made it extremely difficult to find out what was wrong. I finally found out that PowerArchiver installs the driver Windows\system32\drivers\SPTD.SYS, and this driver disguises itself with a random name on each boot. I also managed to find the company Duplexsecure, maker of SPTD. They offer a download to update or uninstall SPTD: http://duplexsecure.com

After uninstalling SPTD, MSE finally is calm. I hope this thread helps other people with the same problem. I wonder why PowerArchiver installs disguising stuff? At least there should be a warning about possible consequences for Antimalmare software. So far I could not find any negative effect on PowerArchiver after uninstalling SPTD.

[Luxor]

Quote:

Originally Posted by Kai Fieabach

I wonder why PowerArchiver installs disguising stuff? At least there should be a warning about possible consequences for Antimalmare software. So far I could not find any negative effect on PowerArchiver after uninstalling SPTD.

I would say it's a problem with MSE rather than Powerarchiver. False positives happen from time to time with malware and antivirus software. Best to report it to them.

[Kai Fieabach]

Quote:

Originally Posted by Luxor

I would say it's a problem with MSE rather than Powerarchiver. False positives happen from time to time with malware and antivirus software. Best to report it to them.

I do not regard this as a false positive. If a software disguises itself with false file names, so that it cannot be detected, and gives "signs of tampering in the state of the running operating system kernel" as SPTD does, I am thankful for a warning of Antimalware software. I still do not understand why Powerarchiver installs disguising drivers. When I bought Powerarchiver, I expected clean software, not something that hides and behaves like a root kit.

[spwolf]

Quote:

Originally Posted by Kai Fieabach

I just wasted half of a day with Antimalware support because of Powerarchiver.

After installing the Microsoft Security Essentials (MSE), with each boot MSE logs the following warning:
Name: Behavior/ModifiedKernel
ID: 2790572135
Description: http://go.microsoft.com/fwlink/?link...tid=4294967289

With this, MSE also logs a random filename in the shape of "sp??.sys" that DOES NOT EXIST on the system, like "spco.sys" or "spla.sys". This made it extremely difficult to find out what was wrong. I finally found out that PowerArchiver installs the driver Windows\system32\drivers\SPTD.SYS, and this driver disguises itself with a random name on each boot. I also managed to find the company Duplexsecure, maker of SPTD. They offer a download to update or uninstall SPTD: http://duplexsecure.com

After uninstalling SPTD, MSE finally is calm. I hope this thread helps other people with the same problem. I wonder why PowerArchiver installs disguising stuff? At least there should be a warning about possible consequences for Antimalmare software. So far I could not find any negative effect on PowerArchiver after uninstalling SPTD.

eh, if your antivirus software has an issue with CD/DVD burner drivers, which are completely fine, then it is not our fault :-).

It is best if you report it to MSE and we will also do the same. They usually fix false positives quickly.

[spwolf]

btw these are the drivers that get installed with Virtual Drive, they allow for direct access to burner devices, and they are much better to use than standard Windows SPTI.

PowerArchiver Burner can use: SPTD, SPTI or ASPI for burning drivers, but SPTD is by far the best of 3 and recomended for fastest operation and least number of issues.