High severity signatures firing during benign URL analysis in IE 7

[seanthegeek]

When analyzing various benign URLS in IE on Windows 7:

• example.com
• google.com

The following high severity signatures fired, which raised the MalScore to malicious levels:

• creates_largekey
  regkeyval: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCache
• stack_pivot
  process: explorer.exe:1288

Ideally, the MalScore should be in the benign range.

[kevoreilly]

Perhaps this could be resolved by updating the signatures with an exclusion list of process names or similar to get it to ignore IE?

[seanthegeek]

Can the signatures get the full path of the process instead of the process name? That would be safer.

That could also solve the PDF false positive.