05-04-2011 01:54 PM
We're using Office Scan 10.5 to protect our corporate network and have had Office Scan alert to Mal_Hifrm being detected recently. This has happened to several different users in different buildings over the past few weeks. It's always detected in the Internet Explorer cache and all the users have been performing a search on the same website (don't know if I should mention the site or not but it's a business web site) when the alert occurs. I clear their cache and perform a manual scan which always comes back clean. The Trend Encyclopedia tells me this is a heuristic detection and I cannot replicate the alert by going to the website myself and performing a search. It appears to happen randomly as far as user, time, frequency of site visit, etc., but always at this one website. My question is who should I take this to? Do I submit a ticket or false positive submission to Trend or should I alert the web site owner?