Kaspersky not correcting false positive

Discussion in 'other anti-virus software' started by Abeltje, Sep 20, 2008.

Thread Status:
Not open for further replies.
  1. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    Hi everyone,

    I got that one program from a dating site from a Dutch newspaper which would basically stay in your system tray and inform you about online contacts / new messages (www.nextlover.nl). Very small and absolutely harmless.

    Kaspersky detects it both by heuristics and with PDM if you turn off heuristics as trojan. In automatic mode its deleted automatically.

    I reported it to Kaspersky and got confirmation that it's no malware. But it was still detected. I wrote again. Then I thought it was fixed, but now it is been detected again. When I write to Kaspersky Lab they tell me it is not detected.

    Well that is funny cause it is still deleted anytime I try to download it even. Of course there are ways to work around that I guess. But in my opinion they should be able to fix a false positive, shouldn't they? It's now more than one month that I reported it to them.

    In the light of the recent tests and user reports of increasing false positives this worries me.

    It's ok not to detect 100%, or to have false positives. But imo vendors should correct if customers report. I always thought that was Kasperskys strong point. And that is one of the reasons I switched to them in the first place. Now I might as well go back to Norton ...
     
  2. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    try to add the program to exclusions so that kaspersky won't bother u again
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    did you state in the email it is a false possitive?
     
  4. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    @icr - I know this would work. But this is about principles. I just find it worrysome that they don't correct false positives. Maybe they are not able to because it would mean altering heurstic detections too much, I don't know about the technical difficulties. Either way it is dissatisfying.

    @lodore - Yes I mentioned that they told me themselves it is not malicious.
     
  5. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    What exactly are the detections on this program?
     
  6. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    Here there are 2 screenshots.
     

    Attached Files:

  7. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    First one is a heuristic thing, so that can be fixed.... second one is a behavioural detection (which probably won't be fixed, because it's behavioural- BUT if the application is added to the HIPS trusted applications whitelist then it should be allowed by default)

    I'll have a word regarding the heur. detection.
     
  8. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    Hi Baz, :)
    A small correction here. Trojan.Generic is a PDM verdict, placing the application to the HIPS Trusted group won't have an effect on the PDM alerts, they'd still be shown. The only thing which should influence if the user is alerted (from PDM) is the "Do not notify..." option in the PDM. (and clearly, this app doesn't have a digital signature; if the user hasn't disabled the "Do not notify..." option which I don't think is the case)
    Instead, the application should be placed in the Trusted Zone with the corresponding rules created. :)
     
  9. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Cheers for correction.

    Abeltje: I will get in contact with one of the developers who deals with Heuristics on Monday to try and get this one sorted, thanks for the information.
     
  10. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Heur. detection is fixed with latest update.
     
  11. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    Wow, indeed! No alarm anymore! Thanks very much Baz!
     
Loading...
Thread Status:
Not open for further replies.