PGP SDA (self decrypting archive) FP

Discussion in 'Prevx Releases' started by x942, Sep 6, 2011.

Thread Status:
Not open for further replies.
  1. x942

    x942 Guest

    I use PGP to create SDA (Self decrypting archives) all the time. For some reason one of them (named documents.exe) was detected as cloaked malware. I deleted it and re-encrypted the same file with the same password and now it is no longer detected. Strange. Either way I can't really submit a sample as every file created with PGP is different (encrypted) so I guess that one instance matched malware somehow?


    Very strange. I have checked with Avast and MBAM, no infection found. All good.


    Just thought I would post here because (as I said) I can't really submit an example in this case.
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Are you using Prevx 3 or WSA? As you could save a log and send the PX5 from P3 or the MD5 from WSA and send the line to support as they don't really need the file!

    TH
     
  3. x942

    x942 Guest

    Prevx 3 Paid version. The line is as follows:

    Code:
    [MM] C:\users\My Name here\documents.exe [PX5: 0000000000000000000000000000000000000000] Malware Group: Manually Added
    Just to note, I have almost all settings set to full as I am somewhat paranoid about security on this laptop (it's my business laptop).
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I suspect changing your settings to the maximum is what is causing the false positives in Prevx 3.0. Because the programs you're creating are unique, the higher heuristic settings will block them all the time. You will probably need to lower your settings, but if the detection persists, please write into our support inbox and we'll fix it :)
     
  5. x942

    x942 Guest

    Thank you for your help. Just one more question:

    Why does it say "malware group: manually added" and PX5 is all zeros?


    Thanks,

    Kyle Davidson
     