false positive by kaspersky

contains all delphi packages mentioned below

false positive by kaspersky

Postby ciuly » Mon May 30, 2011 6:13 am

Hi,

FYI, I was about to download latest madcollection.exe at work where we run kaspersky 6.0.4.1424 (a.d.f), up-to-date, which reports:
detected: virus HEUR:Trojan.Win32.Generic file: http://madshi.net/madCollection.exe

I downloaded it yesterday from home, where I run avast and that didn't complain.

I though false positives for this were over long time ago :)
ciuly
 
Posts: 62
Joined: Mon Apr 30, 2007 1:16 pm
Location: Romania

Re: false positive by kaspersky

Postby madshi » Mon May 30, 2011 7:34 am

Argh, they promised me they'd white list my certificate!

Weird, though, http://www.virustotal.com reports no problems with Kaspersky / madCollection.exe.
madshi
Site Admin
 
Posts: 9821
Joined: Sun Mar 21, 2004 5:25 pm

Re: false positive by kaspersky

Postby ciuly » Mon May 30, 2011 7:44 am

it wouldn't be the first time kaspersky introduces a false positive with an update ;)

le: forgot to mention, this happens with the web scanner only. So, when you download: false-positive. if you scan the downloaded file, all is ok.
ciuly
 
Posts: 62
Joined: Mon Apr 30, 2007 1:16 pm
Location: Romania

Re: false positive by kaspersky

Postby madshi » Mon May 30, 2011 8:10 am

Thanks. I've pointed them to this thread, hopefully they'll remove the problem quickly.
madshi
Site Admin
 
Posts: 9821
Joined: Sun Mar 21, 2004 5:25 pm

Re: false positive by kaspersky

Postby madshi » Mon May 30, 2011 8:33 am

FWIW, Kaspersky just told me they'd fix this with the next update.

As much problems I've had with them recently, at least they're quick to reply to false alarm complaints.
madshi
Site Admin
 
Posts: 9821
Joined: Sun Mar 21, 2004 5:25 pm

Re: false positive by kaspersky

Postby ciuly » Mon May 30, 2011 9:25 am

least they can do :)
ciuly
 
Posts: 62
Joined: Mon Apr 30, 2007 1:16 pm
Location: Romania

Re: false positive by kaspersky

Postby ciuly » Wed Jun 08, 2011 8:06 am

doesn't seem like they fixed it. While checking out from local svn I get:
file C:\....\madCollection_3_0_m.exe: detected modification of virus 'HEUR:Trojan.Win32.Generic'.
Tried from web, as well:
file C:\Users\Administrator\AppData\Local\Temp\ogi5YxAk.exe.part: detected modification of virus 'HEUR:Trojan.Win32.Generic'.
last update of kaspersky was today.
ciuly
 
Posts: 62
Joined: Mon Apr 30, 2007 1:16 pm
Location: Romania

Re: false positive by kaspersky

Postby madshi » Wed Jun 08, 2011 8:31 am

Argh, thanks for letting me know, I'll contact them again!
madshi
Site Admin
 
Posts: 9821
Joined: Sun Mar 21, 2004 5:25 pm

Re: false positive by kaspersky

Postby madshi » Wed Jun 08, 2011 9:07 am

Kaspersky says:

"The file referred by viewtopic.php?f=11&t=25970 should not be detected. If it is now detected, it should be that the database have not been updated. Please just wait for the update."
madshi
Site Admin
 
Posts: 9821
Joined: Sun Mar 21, 2004 5:25 pm

Re: false positive by kaspersky

Postby ciuly » Wed Jun 08, 2011 5:44 pm

for a service that provides updates on a daily basis, the fix is taking quite a lot of days to arrive. oh well.
ciuly
 
Posts: 62
Joined: Mon Apr 30, 2007 1:16 pm
Location: Romania

Re: false positive by kaspersky

Postby madshi » Wed Jun 08, 2011 6:37 pm

Well, as you said yourself, some parts of Kaspersky complain, while others don't. So it seems that they also use different data sets. Maybe those for web checking are updated less often? I've no idea, I don't understand it, either...
madshi
Site Admin
 
Posts: 9821
Joined: Sun Mar 21, 2004 5:25 pm


Return to madCollection

Who is online

Users browsing this forum: No registered users and 2 guests