I think I found some false positives

Discussion in 'Prevx Releases' started by Jeroen1000, Oct 25, 2009.

Thread Status:
Not open for further replies.
  1. Jeroen1000

    Jeroen1000 Registered Member

    Joined: Aug 18, 2008
    Posts: 162
    I don't think these files pose a risk? Below are the log entries.

    Cheers,

    Jeroen

    [BP] z:\program files\cain\abel.exe [PX5: DB89B3BD00316E647C7200946768AE00FE4B7FC4] Malware Group: Medium Risk Malware
    [BP] z:\program files\cain\abel.dll [PX5: 161D72E100764F3382CD0077CB3F0000115D8A4B] Malware Group: High Risk Cloaked Malware
    [BP] (ACTIVE) z:\program files\cain\cain.exe [PX5: 13A76A380014AC2C365C137CDC838C007FC62730] Malware Group: Medium Risk Malware
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined: Sep 14, 2008
    Posts: 8,242
    Location: USA/UK
    Thank you for the report - we have corrected the FPs :)

    It's also probably worth noting that Cain/Abel is a hacker tool, which is why it was flagged in the first place, but it isn't malicious on its own.
     
    Last edited: Oct 25, 2009
  3. Jeroen1000

    Jeroen1000 Registered Member

    Joined: Aug 18, 2008
    Posts: 162
    Working on Sundays now too :)

    Hmm, perhaps you should flag them with an orange colour instead of red? What I mean is, I would like to know that they are present on my system, but they should not be identified as high risk cloaked malware.

    Prevx also flags all executables that have something to do with rainbow table generation (rcrack.exe, rtgen.exe and others).
    It's just a suggestion as I would prefer it over removing them from the database.

    Cheers,

    Jeroen

    PS: Sorry I missed the thread on how to report FPs. I've read it now and will be using it in the future.
     