False alert submission

Discussion in 'ESET Smart Security' started by pivim, Sep 11, 2009.

Thread Status:
Not open for further replies.
  1. pivim

    pivim Registered Member

    Joined:
    Sep 11, 2009
    Posts:
    1
    Hello dear ESET representatives, I have a little problem with false positive file submission.
    I have been trying to sumit a file since the end of August , now I have just received an e-mail from an ESET Customer Care Representative with an advice to adress my issue here.

    I followed all the instructions provided here: http://kb.eset.com/esetkb/index?page=content&id=SOLN141 and even CC'd to esetsamples(at)gmail.com and send it from several e-mails, keeping in mind that it will boost my chances to be noticed =)

    Previously I did not face such a problem, when submitting a file samples. Please do resolve my issue - virus problem harms our reputation =(

    The case number is "358610 - False alert by your antivirus"

    Looking forward for your reply.
    Best regards,
    Alex
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Actually we're been waiting weeks for a response:

    The reason of detection that file is:
    * file has configuration in overlayed data in encrypted form
    * file has no version info nor any strings about vendor nor urls pointed to official web page
    * url looks like partnership/advertising reference (hxxp://release.pivim.com/service/install_stat.php...)
    * the file downloaded from the url contains error message ("error or not inserted:")
    * many AV vendors still detect it as malware

    The question is: why don't you put an url to your product for direct downloading or even to your downloader for indirect downloading on your www?

    Placing unknown downloaders on strange web sites will aways cause suspicion.

    Due to these reasons we will keep this detection. We don't detect your official products.
     
  3. reevesloh

    reevesloh Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    160
    Marcos,yesterday me try to install Prevx and scan it and it found that my window file "svchost.eve" is a cloak threat and i submit that file to eset to analysis and after 2 days still no reply...I did it with "right click,advanced option and submit file to analysis"However i didnt think that file got infected.....
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please read these[ instructions for submitting files for perusal. Do not forget to include as much information about the file as possible (e.g. the url you downloaded it from, the file you ran before you spotted weird system behavior, etc.).
     
  5. reevesloh

    reevesloh Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    160
    If i just attach that file and not zip it could it work?Now gmail not allow me to send that file...what can i do?
     
    Last edited: Sep 11, 2009
Thread Status:
Not open for further replies.