Automated False Positives

http://research.pandasecurity.com/automated-false-positives/

 

Thanks for the link...BTW very informative article.

 

It's mean, that all vendors (including KAV) use analysing method like "scan at VT" (often - local scan system)

I think - it's OK. The main reason - comparatives (test centres and users). All AV need (!) detect all files, detected other AVs, users call it.

 

I didn't see Avira on that list. So they're basically the only AV-company handling their business properly.

 

Or it's AVLab reaction to slow

 

Important is that vendors known to care about false positives didn't made this false positive no matter if it is automatic system or human mistake.

ESET , Microsoft , Symantec are very cautious when releasing updates to their clients and they never made a signature about this .

From the European vendors , AVG is "known to steal signatures" (at least I have read somewhere that they try to steal from Avast , ESET , Kaspersky , perhaps others , too).

McAfee's cloud made this mistake because of high sensitivity . All other vendors menitioned in the blog article don't care much about FP alarms and except from Kaspersky , are too small vendors.

Symantec's detection at first has now gone because the file has gained good reputation:

 

What!! Are you sure??

 

I wrote I have seen it somewhere on the net . Since I don't work at AVG's virus lab I can never be 100% sure BUT still there are many evidences that they copy detections from other vendors.

Anyway , back on topic , please

 

@3GUSER
Please don't spread such vague rumors. Consider that most AV's have detection ratios of 92%+ on huge testbeds; files detected as malicious by other vendors will have top attention by vendors witch don't recognize it as malicious...

Watching each others detections is something way different then copying other vendors signatures with can be defined as reverse-engineering.

 

Avast also isn't on that list

regards
y.

 

Well Trend Micro House Call is no longer detecting it and AVG it no longer detecting it either. Symantec no longer says it suspicious.

 

ZoneAlarm Extreme Security (Kaspersky engine) is detecting it as Backdoor.Win32.Bredolab.djl

 

Here a heuristic detection of ESET...

 

Will soon be detected as:

PandaCloudTestFile.exe - not-a-virus:Garbage.Win32.Panda-test-file.a

 

PC Tools will have this fixed in a update shortly: http://www.pctools.com/forum/showpost.php?p=230508&postcount=2

I am to lazy to sign up for any more forums so please if you have some time submit this to the other vendors that are detecting this

Well I guess since the Nod32 forum is here I can go report it to them....I forget they are hosted here

Update: Kaspersky is no longer detecting it

 

I can confirm that with ZoneAlarm, it's not detecting it anymore

 

Thank you Andreas. Great wake up call!

 

It is not about fixing this manually (a.k.a. whitelisting the file) - the problem Andreas (IBK) and in this case Panda present is about "the speed" a non-malicious file is being added as detection by some vendors

 

good to see my freeware AV is lacking automated FP generation, on seconds thought I would not pay for such a feature

 

ESET is not detecting now

 

Thanks for confirming that

 

As fast as I am reporting this FP to vendors other vendors are detecting it. Now Avast! is detecting it, everyone one who fixes it three more detect it

 

Wrong conclusion. This is not necessarily the case. It can be a false-positive by analysts or malware analysis robots.