False positive detection of our software


keith_gmcl
Or at least, I certainly assume it's a false positive; haven't been able to identify any malware contained within this through any other antivirus products. It's a simple installer made with NSIS and signed with our key, containing some third-party software (written in .NET) for extracting graphics from specific process control systems for re-use in amalgamated interfaces, and a GUI frontend for those awkward to use extraction utilities (which is written in Qt and whose executable is signed with the same key as the installer).

One can see for example on VirusTotal that MalwareBytes is the only vendor that seems to think this is troublesome: https://www.virustotal.com/gui/file/349b9048dd95eab680d1e01dd6fa29098b5a0bb005da1c59365b40925eefa97e?nocache=1

It'd be neat if MalwareBytes didn't throw scary warnings about this, especially neat if the rote hamfisted machine learning stuff didn't come to the same conclusions next time we update it too but I guess for now one thing at a time.

assyst-installer.7z


  • Staff

I scanned the file locally and it was not detected. Did you see a detection or was it just VirusTotal?

Our engine format and configuration in VirusTotal is different than our products' default configuration. In VirusTotal we use a command-line engine with more aggressive detection techniques and heuristics which might detect more than the commercial product. This is the norm with most if not all other antivirus vendors in VirusTotal.

If the next version is detected in a scan, please create a new thread and attach the detection log. 

Thanks for reporting.


1 hour ago, cli said:

I scanned the file locally and it was not detected. Did you see a detection or was it just VirusTotal?

Kind of neither; a client whose site uses Malwarebytes contacted us to let us know about this detection, their on-site installation of Malwarebytes having been the instance that detected the installer from what I understood from email correspondence.

1 hour ago, cli said:

Our engine format and configuration in VirusTotal is different than our products' default configuration. In VirusTotal we use a command-line engine with more aggressive detection techniques and heuristics which might detect more than the commercial product. This is the norm with most if not all other antivirus vendors in VirusTotal.

Oh I know, but I tossed it in there out of curiosity and as a double-check to make sure both that nothing else was detecting that installer and that it wasn't necessarily just a matter of their own specific local configuration.

1 hour ago, cli said:

If the next version is detected in a scan, please create a new thread and attach the detection log.

Thanks for reporting.

Well, that was another reason I pointed to a VirusTotal result; as this was done on a client's end, I had no log to submit, so that seemed like the closest option.

Roger roger, I'll start a new thread if I receive any future reports after the next update (hopefully not for a while, only needs updating when the extraction tools inside need to handle a new software version or if I've noticed some error in the logic I'm using for automating stuff for the GUI frontend, so it can go months or even years without needing updates).


  • Staff

Sounds good. Hopefully you won't have to, but if the customer is unable to get the log, any additional information, preferably detection name, would be appreciated. Another option is to direct your customer to post here and we will work with them. Thanks.

