Changing False Positive Result.

Hi,

One of software applications is registering as a false positive with the NOD32 antivirus software.

We have tested the app in question against all other antivirus software without any problems - results screenshot from VirusTotal here : h**p://img106.imagevenue.com/img.php?image=68588_virustotal_122_886lo.jpg

Is there anything that can be done about this or is it an inconvenience that users of both software packages will simply have to live with ?

Regards,
Iain.

 

Please compress the file in question with WinRAR or another ordinary packer, protect the archive with the password "infected" and send it to samples[at]eset.com with "False positive" in the subject. Also we'll appreciate if you enclose the url the program can be downloaded from.

 

Hello marcos
I sent a false positive not yet correct
falso positivo LG

 

Hello,

I'm also getting a false positive for a managed service agent that we are rolling out. Ive sent it to the email address above. The subject is "false positive" and the zip file is zcopy.zip

How long does it usually take for a sample to get whitelisted ?

Thanks!

Travis

 

Guys, I'm getting false positives all over the place on this managed services client by Zenith infotech. Ive submitted a ton of files, but have recieved no response. What is the deal?

 

The variant of zcopy.exe we have received at samples[at]eset.com is no longer detected, it was fixed a couple of days ago. If you have a newer variant that is detected with the latest signature database version, submit it to samples[at]eset.com in a password protected archive and "False positive" in the subject.

 

Marcos,

I appreciate the reply. Would it make sense for me to zip the entire program directory so that you guys can scan it? There are multiple different file types that are getting triggered.

 

Ok, if the archive is not too large, send it to samples[at]eset.com with this thread's url in the subject.

 

Its kind of big, I'll try to send just the exe's that are triggering.

 

Our Axis cameras started registering as their MPEG stream infected. We have over 100 of these cameras.

http://camera1234/axis-cgi/mjpg/video.cgi?camera=1&fps=8&showlength=1
contains probably a variant of Trivial.Lame.98 virus.

Seems cleared up now. This was yesterday, about 20 hours ago..

 

Okay, I've sent some. This particular zip file is from the client that takes updates from the NOC and distributes them to workstations that are being monitored on the network. I'll send over some more false positives after that. The remote control aspect of these files must be what is setting off nod32, I suppose. Thanks again!

Travis

 

Marcos,

just sent another file. Hopefully, this is the last one!

 

marcos,

eset is finding another file from this company. Is there any way you guys can open a dialogue so I dont have to single handedly submit every single file that eset finds?

they are a managed services company. www.zenithinfotech.com

 

more false positives for the same client. Ill email you.

 

Marcos,

Did you recieve my email with the new file?

Should I just disable heuristics? Where are all of the config settings for that?