senlyn false positive

Discussion in 'ESET Smart Security' started by lodore, Jan 25, 2012.

Thread Status:
Not open for further replies.
  1. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello,
    I play a game called senlyn and two of the exe files are being incorrectly flagged by ESET Smart Security.

    Both files are being flagged as probably a variant of Win32/Packed.MoleboxVS.C
    I have submitted the files to ESET via email around a week ago but still not fixed.

    The website of the game is http://www.senlyn.com/Wiki/Main_Page

    The files are senlyn.exe and senlyn_freeze.exe

    I can provide more information if required.
    Thanks in advance
     
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello dwomack,
    I have already submitted both files via email as an attachment in a password-protected rar file along with the full detection names. Would you be able to find out the progress of my submission if I provide some more details such as email address and subject?
     
    Last edited: Jan 25, 2012
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    The issue is under investigation. Please keep in mind, though, that the program may, in fact, be packed with the MoleBox Virtualization Solution software, which means this is not, per se, a false positive. The author of the software may have decided to use it to pack/obfuscate their code in order to prevent it from being reverse-engineered, or at least increase the complexity in doing so.

    As I understand it, Win32/MoleboxVS is classified as a potentially unwanted application, or PUA for short. That is something of a grey area for programs which may not be out-and-out malicious, but may perform actions which are undesirable. In the case of code obfuscation/runtime packing tools, detection of these is typically added when ESET sees them being abused by malware authors.

    If you want to run the program while waiting to hear back from ESET's virus lab, you can disable checking of the specific files, or exclude them from being scanned. Information about these can be found in the following ESET Knowledgebase Articles:

    #139, How do I exclude certain files or folders from the On-demand scanner? (ESET v3.0)
    #560, How do I exclude certain files or folders from real-time scanning? (ESET v3.0)
    #2152, How do I exclude certain files or folders from the On-demand scanner? (ESET v4.x)
    #2153, How do I exclude certain files or folders from Real-time scanning? (ESET v4.x)
    #2198, How do I configure my Windows ESET security product to detect or ignore unwanted or unsafe applications? (ESET v4.x)
    #2629, What is a Potentially Unwanted Application?
    #2769, How do I exclude certain files or folders from Real-time scanning? (ESET v5.0)
    #2770, How do I exclude certain files or folders from the Computer scan? (ESET v5.0)
    #2912, How do I configure my Windows ESET security product to detect or ignore unwanted or unsafe applications? (ESET v5.0)
    You may also find the following white paper, "Problematic, Unloved and Argumentative: What is a potentially unwanted application (PUA)?" [PDF, 503KB] helpful in understanding the how's and why's of ESET's PUA classifications.

    Regards,

    Aryeh Goretsky
     
  5. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello,

    Thanks for the replies and information. I have received an email from the labs and both files have been fixed.
     