The reason Prevx detects Ahnlab as malware?

Discussion in 'Prevx Releases' started by bonedriven, Jun 11, 2009.

Thread Status:
Not open for further replies.
  1. bonedriven
    Offline

    bonedriven Registered Member

    I temporarily study at this korean university. Here everyone is forced to install ahnlab security suite 2007 if you want to use the internet service provided by the university. Students here,at least those I know,consider ahnlab the biggest malware on their computers because it does nothing except that loads 5+ processes and 6+ services to keep itself on your pc.

    People are trying every way to stop ahnlab while not being cut. But ahnlab updates new manners to monitor if it's running well on your pc. Recently,we found a new effective way that use brutal force to delete one of the Ahnlab install directories. It works well. :thumb: *whisper* "Don't tell them!"

    Now Prevx(it never did) detects some of ahnlab's files and registry entries as malware. But I think,maybe,Prevx intelligently finds that ahnlab is not a wanted program on my computer at the moment?

    BTW,can someone send me snipped according to our TOS
    Last edited: Jun 11, 2009
  2. PrevxHelp
    Offline

    PrevxHelp Prevx Moderator

    Hello,
    I've corrected the detection for the file you referenced. If there are more, please let me know and I'll look into them further :) Security software is always difficult to detect as good automatically because of the modifications it makes into the system. Antivirus software tends to hook system services and load driver components which perform suspicious behaviors, much like rootkits, so we generally need to whitelist these programs to prevent them from generating FPs.

    However, the same happens against us whenever we release a new version - many AVs automatically detect new versions of Prevx software so we need to give other vendors pre-release copies to fix new FPs :) It is hard to blame them for detecting our software, however, because antimalware software does tend to look like malware on the surface level.
  3. bonedriven
    Offline

    bonedriven Registered Member

    Thank you. And SOGOUTSF.DLL.

    It's a widely used chinese input method software which has been installed for a long time. Now Prevx begins to detect it as malware.

    Sorry if I've hijacked the thread.
    Last edited: Jun 11, 2009
  4. PrevxHelp
    Offline

    PrevxHelp Prevx Moderator

    Fixed as well :) Thanks for the report!
  5. Gaeko
    Offline

    Gaeko Guest

    I'm from Korea, and I know what you are talking about. ;)
    Yes, Ahnlab is monopolizing the Korean security market.
    It's interesting to know that PrevX detects Ahnlab as a malware.
    Because Dr.Web also detects some Ahnlab files as a malware.
    Take care.
  6. bonedriven
    Offline

    bonedriven Registered Member

    Hi Gaeko,

    I didn't make it clear myself. It is not every university that forces their pcs to install ahnlab here. The university I'm in may be one of a few cases.
Thread Status:
Not open for further replies.