Probable false positive for NetWorx monitor

[DanZ]

I've been using using Networx from SoftPerfect for quite a while and Malwarebytes premium just called it out, for the first time, as a PUP today.   It is network monitoring software that tracks data usage.

 

https://www.softperfect.com/products/networx/

 

I am not affiliated with SoftPerfect or the Networx program in any way, other than being a customer.

scanlog.txt

networx.zip

[screen317]

Hello DanZ and welcome to the forum.

 

Thank you for your submission.

 

We detect this file as PUP.Optional.NetFilter, which means it is a "potentially unwanted program." Our detection is consistent with several other vendors, including ESET and Kaspersky. You can see those detections here:

https://www.virustotal.com/en/file/ad14f2ea1e6f207417dedf993d83488b25dd941bd4a3afd1c1b223b856b03fbd/analysis/1443130961/

 

Since you are knowingly using this program, I suggest that you add it to MBAM's file exclusion list. Open MBAM, click Settings, then Malware Exclusions. Click Add File and navigate to this file. That way, we wont detect it for you.

 

Let me know if you have any further questions and I will be happy to assist.

[DanZ]

Hi,

 

"Our detection is consistent with several other vendors, including ESET and Kaspersky."

OK, but it's inconsistent with: AVG, Avast, F-Secure, McAfee, Microsoft, Panda, Sophos, Symantec and many other vendors.

And then there are the actual comments of the two you referenced:

    ESET        a variant of Win64/NetFilter.A potentially unsafe
    Kaspersky   not-a-virus:NetTool.Win64.NetFilter.l      
        
Of course it's "potentially" unsafe - it's a low level driver that intercepts all network traffic.  But there is no indication, from any source, that it's ever been used for an exploit.  "autoruns.exe" is a low-level tool that is a Potentially Unwanted Program too, but no one flags it including Malwarebytes.  Why is that?   Because reasonableness prevails. 

Suggestion: Join the vast majority of the companies in the link you provided and don't flag the networx.sys driver.  I suspect ESET and Kaspersky will follow.

[blender]

Hi DanZ,

 

We are re-evaluating this. Do you happen to still have the installer you used? I ask because the installer I used from the site you provided gives me a different version of the driver you provided (which is not detected)

[blender]

Hello again DanZ,

 

I was able to gather enough info from other sources.

 

This detection will be fixed in the next database update.

 

Thank you for reporting this!

[DanZ]

Hi blender,

 

Unfortunately, the last version of the installer I saved was for 5.2.2.  The running copy says that it is 5.4.1 64-bit.  I went to the developer's download area at:   http://www.softpedia.com/get/Network-Tools/Bandwidth-Tools/Networx.shtml

 

Curiously, they say that 5.4.1 is the current release, which is what I appear to have installed.   I can't figure out why the driver copy I sent you differs from what you obtained.  Maybe you installed it on a 32 bit machine?  Or maybe the developer did a stealth release without updating the version number.

 

Thank you very much for your help,

 

Dan

[blender]

Indeed. You are correct. I installed it on a 32 bit machine.

 

Issue should be fixed now.

Thanks again for reporting.