Jump to content

False Positives


Recommended Posts

Results of a "Complete" scan.

WPE PRO: HackTool.Sniffer.WpePro



WPE PRO is being reported as a "Hack Tool".

I am a developer of client-server applications (UDP and TCP protocals for

databases, games, and other legitimate programs).

i do not use this for hacking.

To call this a hack is to also call Microsoft Network Monitor a hack.

As far as i know - WPE Pro has no "run Silent" mode and using it on my computer

does not make me vulnerable to an attack nor does it mean i am hacking by monitoring my network.

i request this be moved to "Suspicious" rather than "Positive" because i do see a possible "Hacker Use" for the program.

but to call it a "Hack" when I'm using it for legitimate reasons is... <_<

Self-compiled application identified as "Trojan.Agent"

server/client UDP example source code compiled over a year ago.

an application that I myself compiled from source-code is incorrectly being called a Trojan.

It is a sample application for UDP communication between client and server in VS2010 VB.NET.

I'm including the source-code that i personally compiled. I reviewed the code before

submitting this report and see no sign of any malware or hackware or spyware coding

(source code VS2010 VB.NET attachment: source.zip 3.36KB)

i suspect the program was detected heuristically and am submitting the source-code to aid

in better heuristic-based detection.

I installed Mal-ware byte when my SAS-Super Anti-Spyware failed to find a google hijacker.

rather than helping, it just gave me false positives. :(

(the WPE Pro is not the cause. It is not currently installed. The downloaded and

extracted files were copied from my previous HD when i made the move from WinVista

to Win7 almost a year ago. Thus it is not the source of the hijack which appeared

only about 3 days ago. no virus goes a year without taking virus-like action. no

virus is active if it has never been executed at least once by a user or another

linked program.)


Link to post
Share on other sites

For the record hactool is not the same as malware. A hacktook implies that a tool can be used for some sort of hacking and that hacking can potentially be malicious. The experienced user (the ones using these intentionally) is expected to see hacktool and understand that this is their intentional action and select ignore. If a hacktool were to be trojanized the victim would also see the hacktool detection and as they are not likely an expert they will select block thus allowing them to be protected.

This does not specifically apply to this case but to all cases where hacktool is the designation.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.