TheFormTool

Well, that's great. Thanks!

Thanks for your note, but I don't understand its meaning. Is my comment blocked? Does it need to be made again? Or...?

This is a recurring false positive last reported and cleared July 5, 2020. hxxps://shop.theformtool.com/ Thank you for your attention to this.

Please confirm that this file is not carrying a Trojan virus or other malware. When I test it on a Windows machine, using MalwareBytes Premium 4.1.0 it passes with no issues, as this when I right-clicked the attached file and asked for a MawareBytes scan. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/6/20 Scan Time: 4:21 PM Log File: 5c86ea60-bfdf-11ea-8513-001c426139ef.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.26511 License: Premium -System Information- OS: Windows 10 (Build 18362.900) CPU: x64 File System: NTFS User: TFTWINDOWS\RWC -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 1 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 0 min, 15 sec -Scan Options- Memory: Disabled Startup: Disabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) BrokenAurora.zip

MalwareBytes is reporting a false positive for https://www.shop.theformtool.com. VirusTotal, a copy of which is attached, is reporting a clean sweep, zero out of 79 reporting engine. PLEASE stop burning our site!

Daske -- The only remaining issue is the site blockage based on Error code: SSL_ERROR_RX_RECORD_TOO_LONG. We have confirmed that our SSL is operating properly.

Dashke -- Please re-evaluate the file and the site. We have rolled back the version of Aurora, which decreased the number of reporting engines to four of the more minor firms. Thanks for your help.

Porthos -- Now, THAT is helpful! Thank you. We've rolled back to a previous version while we investigate the differences. If you test the download now you should see what we've been seeing, currently three engines. Thank you, most sincerely, for your help!

Ah. I did not know that. Thank you. VT has updated, dropping the false positives to five. Thanks for your assistance!

We just ran Aurora.docm through VIRUSTOTAL and received 5 false positives. None were from first-tier firms. https://www.virustotal.com/gui/file/87e3d832d707aed5aea0d018a39bbb10b04e6e3ec9276f2ab49e15d4b691bf4b/detection Now what?

Did you notice that the file to which BitDefender gave the clean bill of health WAS the Aurora.docm file?

We ran this file through VirusTotal. Only 4 of 60 engines triggered a false positive. Here is the link https://www.virustotal.com/gui/file/aa629b9109cfbfde5fc54f561f4563786ac5c123710c2ef8c396a2a58f951334/detection Please correct your files!

We have a response from BitDefender from two weeks ago removing this file from their database.

There is no malware in that file. We've been down this road before. It shows a false positive because of the nature of the software, which is an add-in to Word using VBA and macros.

A few of our customers are being blocked from our store based on false positives delivered by Malwarebytes. When we test it on a Mac using Firefox, no problem. When we test on a Windows OS, using Malwarebytes we get a Trojan warning, a copy attached. We've had the site inspected by Sucuri and Why No Padlock. They report all is well. We'd really like this corrected.