Jump to content

Probable false positive for NetWorx monitor


DanZ
 Share

Recommended Posts

I've been using using Networx from SoftPerfect for quite a while and Malwarebytes premium just called it out, for the first time, as a PUP today.   It is network monitoring software that tracks data usage.

 

https://www.softperfect.com/products/networx/

 

I am not affiliated with SoftPerfect or the Networx program in any way, other than being a customer.

scanlog.txt

networx.zip

Link to post
Share on other sites

  • Staff

Hello DanZ and welcome to the forum.

 

Thank you for your submission.

 

We detect this file as PUP.Optional.NetFilter, which means it is a "potentially unwanted program." Our detection is consistent with several other vendors, including ESET and Kaspersky. You can see those detections here:

https://www.virustotal.com/en/file/ad14f2ea1e6f207417dedf993d83488b25dd941bd4a3afd1c1b223b856b03fbd/analysis/1443130961/

 

Since you are knowingly using this program, I suggest that you add it to MBAM's file exclusion list. Open MBAM, click Settings, then Malware Exclusions. Click Add File and navigate to this file. That way, we wont detect it for you.

 

Let me know if you have any further questions and I will be happy to assist.

Link to post
Share on other sites

Hi,

 

"Our detection is consistent with several other vendors, including ESET and Kaspersky."

OK, but it's inconsistent with: AVG, Avast, F-Secure, McAfee, Microsoft, Panda, Sophos, Symantec and many other vendors.

And then there are the actual comments of the two you referenced:

    ESET        a variant of Win64/NetFilter.A potentially unsafe
    Kaspersky   not-a-virus:NetTool.Win64.NetFilter.l      
        
Of course it's "potentially" unsafe - it's a low level driver that intercepts all network traffic.  But there is no indication, from any source, that it's ever been used for an exploit.  "autoruns.exe" is a low-level tool that is a Potentially Unwanted Program too, but no one flags it including Malwarebytes.  Why is that?   Because reasonableness prevails. 

Suggestion: Join the vast majority of the companies in the link you provided and don't flag the networx.sys driver.  I suspect ESET and Kaspersky will follow.

Link to post
Share on other sites

Hi blender,

 

Unfortunately, the last version of the installer I saved was for 5.2.2.  The running copy says that it is 5.4.1 64-bit.  I went to the developer's download area at:   http://www.softpedia.com/get/Network-Tools/Bandwidth-Tools/Networx.shtml

 

Curiously, they say that 5.4.1 is the current release, which is what I appear to have installed.   I can't figure out why the driver copy I sent you differs from what you obtained.  Maybe you installed it on a 32 bit machine?  Or maybe the developer did a stealth release without updating the version number.

 

Thank you very much for your help,

 

Dan

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.