TheFormTool Posted July 2, 2020 ID:1391668 Share Posted July 2, 2020 A few of our customers are being blocked from our store based on false positives delivered by Malwarebytes. When we test it on a Mac using Firefox, no problem. When we test on a Windows OS, using Malwarebytes we get a Trojan warning, a copy attached. We've had the site inspected by Sucuri and Why No Padlock. They report all is well. We'd really like this corrected. Link to post Share on other sites More sharing options...
Staff Dashke Posted July 2, 2020 Staff ID:1391728 Share Posted July 2, 2020 Can you please take a look at this file - theformtool.com/wp-content/uploads/downloads/2013/12/Aurora.zip ? Link to post Share on other sites More sharing options...
TheFormTool Posted July 2, 2020 Author ID:1391749 Share Posted July 2, 2020 There is no malware in that file. We've been down this road before. It shows a false positive because of the nature of the software, which is an add-in to Word using VBA and macros. Link to post Share on other sites More sharing options...
TheFormTool Posted July 2, 2020 Author ID:1391753 Share Posted July 2, 2020 We have a response from BitDefender from two weeks ago removing this file from their database. Link to post Share on other sites More sharing options...
TheFormTool Posted July 2, 2020 Author ID:1391806 Share Posted July 2, 2020 We ran this file through VirusTotal. Only 4 of 60 engines triggered a false positive. Here is the link https://www.virustotal.com/gui/file/aa629b9109cfbfde5fc54f561f4563786ac5c123710c2ef8c396a2a58f951334/detection Please correct your files! Link to post Share on other sites More sharing options...
Porthos Posted July 2, 2020 ID:1391814 Share Posted July 2, 2020 23 minutes ago, TheFormTool said: We ran this file through VirusTotal. Only 4 of 60 engines triggered a false positive. Have no say in this just an observation. The File that needs submitting is the actual Aurora.docm file not the zip. 13 engines detected this file https://www.virustotal.com/gui/file/083f393ece15832ba077ac18da38331fc1947a61fbc25167658e4ce69a957156/detection FYI, Bitdefender still detects the actual file. Might want to contact them again. Link to post Share on other sites More sharing options...
TheFormTool Posted July 2, 2020 Author ID:1391826 Share Posted July 2, 2020 Did you notice that the file to which BitDefender gave the clean bill of health WAS the Aurora.docm file? Link to post Share on other sites More sharing options...
TheFormTool Posted July 2, 2020 Author ID:1391829 Share Posted July 2, 2020 We just ran Aurora.docm through VIRUSTOTAL and received 5 false positives. None were from first-tier firms. https://www.virustotal.com/gui/file/87e3d832d707aed5aea0d018a39bbb10b04e6e3ec9276f2ab49e15d4b691bf4b/detection Now what? Link to post Share on other sites More sharing options...
Porthos Posted July 2, 2020 ID:1391835 Share Posted July 2, 2020 15 minutes ago, TheFormTool said: Did you notice that the file to which BitDefender gave the clean bill of health WAS the Aurora.docm file? Actually, I did not, just went by the updated VT report. I do know it takes time for VT to update even when the correction is reported to VT itself. Just a reminder, I do not work for Malwarebytes and just making an observation. 14 minutes ago, TheFormTool said: Now what? Just wait on staff to re evaluate. It is not an instant process. Thanks for your understanding. Link to post Share on other sites More sharing options...
TheFormTool Posted July 2, 2020 Author ID:1391838 Share Posted July 2, 2020 Ah. I did not know that. Thank you. VT has updated, dropping the false positives to five. Thanks for your assistance! Link to post Share on other sites More sharing options...
Porthos Posted July 2, 2020 ID:1391847 Share Posted July 2, 2020 (edited) 16 minutes ago, TheFormTool said: VT has updated, dropping the false positives to five. The one you scanned and the one I downloaded from the link that you were asked to look at and the one you scanned have 2 different hashes. I scanned what was Inside the following file that you were asked to investigate. theformtool.com/wp-content/uploads/downloads/2013/12/Aurora.zip And got this report. https://www.virustotal.com/gui/file/083f393ece15832ba077ac18da38331fc1947a61fbc25167658e4ce69a957156/detection The file you scanned has the report that is different. Less detection's. Edited July 2, 2020 by Porthos Link to post Share on other sites More sharing options...
TheFormTool Posted July 2, 2020 Author ID:1391851 Share Posted July 2, 2020 Porthos -- Now, THAT is helpful! Thank you. We've rolled back to a previous version while we investigate the differences. If you test the download now you should see what we've been seeing, currently three engines. Thank you, most sincerely, for your help! Link to post Share on other sites More sharing options...
Porthos Posted July 2, 2020 ID:1391856 Share Posted July 2, 2020 30 minutes ago, TheFormTool said: Thank you, most sincerely, for your help! You are welcome and now @Dashke can reevaluate. Have a good holiday. Link to post Share on other sites More sharing options...
TheFormTool Posted July 2, 2020 Author ID:1391870 Share Posted July 2, 2020 Dashke -- Please re-evaluate the file and the site. We have rolled back the version of Aurora, which decreased the number of reporting engines to four of the more minor firms. Thanks for your help. Link to post Share on other sites More sharing options...
TheFormTool Posted July 3, 2020 Author ID:1391988 Share Posted July 3, 2020 Daske -- The only remaining issue is the site blockage based on Error code: SSL_ERROR_RX_RECORD_TOO_LONG. We have confirmed that our SSL is operating properly. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now