Automated False Positives

Discussion in 'other anti-virus software' started by IBK, Jun 2, 2010.

Thread Status:
Not open for further replies.
  1. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
  2. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Thanks for the link...BTW very informative article.:)
     
  3. OlegSych

    OlegSych Registered Member

    Joined:
    Jul 5, 2005
    Posts:
    43
    Location:
    Kiev, Ukraine
    It means that all vendors (including KAV) use an analysing method like "scan at VT" (often - local scan system) :thumb:

    I think it's OK. The main reason is comparatives (test centres and users). All AVs need (!) to detect all files detected by other AVs, users call it.
     
  4. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I didn't see Avira on that list. :) So they're basically the only AV-company handling their business properly. :p
     
  5. OlegSych

    OlegSych Registered Member

    Joined:
    Jul 5, 2005
    Posts:
    43
    Location:
    Kiev, Ukraine
    Or its AVLab reaction is too slow :D
     
  6. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    What's important is that vendors known to care about false positives didn't make this false positive, no matter if it is an automatic system or a human mistake.

    ESET, Microsoft, Symantec are very cautious when releasing updates to their clients and they never made a signature about this.

    From the European vendors, AVG is "known to steal signatures" (at least I have read somewhere that they try to steal from Avast, ESET, Kaspersky, perhaps others, too).

    McAfee's cloud made this mistake because of high sensitivity. All other vendors mentioned in the blog article don't care much about FP alarms and, except for Kaspersky, are too small vendors.

    Symantec's detection at first has now gone because the file has gained good reputation:
     

    Attached file: fi.PNG
  7. CiX

    CiX Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    404
    What!! Are you sure??:eek: :eek:
     
  8. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    I wrote I have seen it somewhere on the net. Since I don't work at AVG's virus lab I can never be 100% sure BUT still there is much evidence that they copy detections from other vendors.

    Anyway, back on topic, please :)
     
  9. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Moscow
    @3GUSER
    Please don't spread such vague rumors. Consider that most AVs have detection ratios of 92%+ on huge testbeds; files detected as malicious by other vendors will have top attention by vendors which don't recognize it as malicious...

    Watching each other's detections is something way different than copying other vendors' signatures, which can be defined as reverse-engineering.
     
  10. yaslaw

    yaslaw Registered Member

    Joined:
    Feb 27, 2005
    Posts:
    167
    Location:
    Poland
    Avast also isn't on that list :D

    regards
    y.
     
  11. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    Well, Trend Micro House Call is no longer detecting it and AVG is no longer detecting it either. Symantec no longer says it's suspicious.
     
  12. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    ZoneAlarm Extreme Security (Kaspersky engine) is detecting it as Backdoor.Win32.Bredolab.djl
     
  13. ESS474

    ESS474 Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    201
    Location:
    São Paulo (Brazil)
    Here is a heuristic detection of ESET...


    FP.png
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,726
    Location:
    localhost
    Will soon be detected as:

    PandaCloudTestFile.exe - not-a-virus:Garbage.Win32.Panda-test-file.a

    :D ;) :ninja:
     
  15. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    PC Tools will have this fixed in an update shortly: http://www.pctools.com/forum/showpost.php?p=230508&postcount=2

    I am too lazy to sign up for any more forums so please, if you have some time, submit this to the other vendors that are detecting this :p

    Well I guess since the Nod32 forum is here I can go report it to them....I forget they are hosted here :rolleyes:

    Update: Kaspersky is no longer detecting it
     
  16. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I can confirm that with ZoneAlarm, it's not detecting it anymore :shifty:
     
  17. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    Thank you Andreas. Great wake up call! :cool:
     
  18. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812

    It is not about fixing this manually (a.k.a. whitelisting the file) - the problem Andreas (IBK) and in this case Panda present is about "the speed" a non-malicious file is being added as detection by some vendors
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    :D good to see my freeware AV is lacking automated FP generation, on second thought I would not pay for such a feature :D
     
  20. ESS474

    ESS474 Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    201
    Location:
    São Paulo (Brazil)
    ESET is not detecting now :p
     
  21. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    Thanks for confirming that :D
     
  22. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    As fast as I am reporting this FP to vendors, other vendors are detecting it. Now Avast! is detecting it; for every one who fixes it, three more detect it :rolleyes:
     
  23. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Wrong conclusion. This is not necessarily the case. It can be a false-positive by analysts or malware analysis robots.
     