false positive by kaspersky

contains all delphi packages mentioned below
Post Reply
ciuly
Posts: 65
Joined: Mon Apr 30, 2007 1:16 pm
Location: Romania

false positive by kaspersky

Post by ciuly »

Hi,

FYI, I was about to download latest madcollection.exe at work where we run kaspersky 6.0.4.1424 (a.d.f), up-to-date, which reports:
detected: virus HEUR:Trojan.Win32.Generic file: http://madshi.net/madCollection.exe

I downloaded it yesterday from home, where I run avast and that didn't complain.

I though false positives for this were over long time ago :)
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: false positive by kaspersky

Post by madshi »

Argh, they promised me they'd white list my certificate!

Weird, though, http://www.virustotal.com reports no problems with Kaspersky / madCollection.exe.
ciuly
Posts: 65
Joined: Mon Apr 30, 2007 1:16 pm
Location: Romania

Re: false positive by kaspersky

Post by ciuly »

it wouldn't be the first time kaspersky introduces a false positive with an update ;)

le: forgot to mention, this happens with the web scanner only. So, when you download: false-positive. if you scan the downloaded file, all is ok.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: false positive by kaspersky

Post by madshi »

Thanks. I've pointed them to this thread, hopefully they'll remove the problem quickly.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: false positive by kaspersky

Post by madshi »

FWIW, Kaspersky just told me they'd fix this with the next update.

As much problems I've had with them recently, at least they're quick to reply to false alarm complaints.
ciuly
Posts: 65
Joined: Mon Apr 30, 2007 1:16 pm
Location: Romania

Re: false positive by kaspersky

Post by ciuly »

least they can do :)
ciuly
Posts: 65
Joined: Mon Apr 30, 2007 1:16 pm
Location: Romania

Re: false positive by kaspersky

Post by ciuly »

doesn't seem like they fixed it. While checking out from local svn I get:
file C:\....\madCollection_3_0_m.exe: detected modification of virus 'HEUR:Trojan.Win32.Generic'.
Tried from web, as well:
file C:\Users\Administrator\AppData\Local\Temp\ogi5YxAk.exe.part: detected modification of virus 'HEUR:Trojan.Win32.Generic'.
last update of kaspersky was today.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: false positive by kaspersky

Post by madshi »

Argh, thanks for letting me know, I'll contact them again!
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: false positive by kaspersky

Post by madshi »

Kaspersky says:

"The file referred by viewtopic.php?f=11&t=25970 should not be detected. If it is now detected, it should be that the database have not been updated. Please just wait for the update."
ciuly
Posts: 65
Joined: Mon Apr 30, 2007 1:16 pm
Location: Romania

Re: false positive by kaspersky

Post by ciuly »

for a service that provides updates on a daily basis, the fix is taking quite a lot of days to arrive. oh well.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: false positive by kaspersky

Post by madshi »

Well, as you said yourself, some parts of Kaspersky complain, while others don't. So it seems that they also use different data sets. Maybe those for web checking are updated less often? I've no idea, I don't understand it, either...
Post Reply