Possible False Positives reported on SUPERAntiSpyware

Discussion in 'other anti-malware software' started by Daveski17, Sep 13, 2014.

  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    I scanned the installer I got from the direct download site for FotoSketcher 2.96 with avast!, MBAM and SAS on my x86 Vista laptop and it was clean. SAS flagged it as having a PUP on my x64 Win 7 desktop. MSE flagged it as clean. I also ran an MBAM scan which was also clean. When I copied the x86 installer, which SAS had previously claimed was clean on my Vista computer, to my Win 7 machine, SAS flagged it as having a PUP!

    http://forums.superantispyware.com/index.php?/topic/7917-reporting-false-positives/
     
  2. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
  3. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
  4. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    SAS is a strong contender for the scrap heap. In every test I've seen in the last 4 years, SAS finished dead last.

    For that type of product -- a signature based detection product that works with your AV -- there are not many anymore. There used to be many.. Giant, PestPatrol, Ewido, A2, Spyware Doctor, ZeroSpyware, CounterSpy, BoClean... they are all dead.

    One legitimate one still standing is MBAM which is great. Of the remaining products of that type, MBAM is the only one I know of that has tested well over and over again for years.

    And then... it's time for us all to look at non-signature based products -- MBAE, VooDoo, NVT EXE, AppGuard, SecureAPlus, Sandboxie..
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    Yeah, I tend to agree. The only reason I started running SAS again was that the revamped MBAM has had hanging and context scan problems on x64 systems. It's not so bad on x86 but the whole idea of being able to context scan downloaded files is what I use it for mainly. I will say that MBAM's general scanning times are still pretty quick though.
     
  6. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,242
    To be fair, since Nick left SAS, they have been working on improving the product. At the moment while the new interface is nice, the detection rate is still poor, but hopefully in the coming months that will improve.
     
  7. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    I think that there have been significant improvements and SAS is the only anti-malware product to actually ever detect and remove anything harmful from a computer I own. No dedicated anti-virus program I have ever run has ever found anything either suspicious or properly malicious on my computers, with the exception of avast!, which has only actually detected and removed PUPs. These f-p's are a bit disconcerting though. But MBAM used to have f-p's regularly at one time. I've never seen them before in SAS and I've been running it on and off for six years. Personally, I can't wait to go all Mac and Ubuntu!
     
  8. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    BTW there is the HitmanPro scanner that works like MBAM.
    You get HitmanPro.Alert free with the year licence as well, which is good value.
     
  9. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    Hitman Pro is a freeware cloud scanner, right?
     
  10. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    It's freeware as long as you don't use the 'remove malware for free only once' option.
    As long as you use it just to scan (for instance as a 'seriously fast bootup-scanner only'), not removal, it stays free.
     
  11. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    OK, thanks for the info.
     
  12. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    It uses Kaspersky or Bitdefender definitions and their own research as well.
    It's like Malwarebytes basically, but with different defs.
     
  13. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
  14. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    SAS said Blender and other programs are Trojans and wanted to delete them. Every program has false positives, just not like SAS.
    @Daveski17 Zoom media player is another such program: the program itself scans clean, but the installer gives a FP. Sometimes you can save yourself a lot of trouble by just deleting the installer after you install the program.
     
  15. SUPERAntiSpyware1

    SUPERAntiSpyware1 Registered Member

    Joined:
    May 19, 2014
    Posts:
    40
    We apologize for the false positives on the installers. We worked on a severely infected machine and found multiple copies of similar installers being used to infect the machine. We now know that the installer is being used by both legitimate and malware programs.
     
  16. SUPERAntiSpyware1

    SUPERAntiSpyware1 Registered Member

    Joined:
    May 19, 2014
    Posts:
    40
    SUPERAntiSpyware constantly removes more than 3,000,000 malware files a month. We're working to figure out why we do so poorly on the tests. We're also pushing hard to improve our detection rate on real-world infected machines. Any suggestions from this group are greatly appreciated.
     
  17. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    Yes, but I routinely scan installers after downloading them. Sometimes I keep them for a while in case I have to reinstall the app.
     