Report False-Positives To Anti-Virus Companies


Re: Report False-Positives To Anti-Virus Companies

Post by margotti » 30 Mar 2020, 10:41

Yeah, these companies have taken a lot of advantage of us.

Re: Report False-Positives To Anti-Virus Companies

Post by SOTE » 21 Mar 2020, 11:59

lmstearn wrote:
19 Mar 2020, 08:47
Submitted two AHK (v1.1.32.00) files as per clean.zip with a custom icon to VirusTotal that had only one line in each:

Thanks for the report and for submitting. Will be updating the 1st post with vendors not on our list.

Re: Report False-Positives To Anti-Virus Companies

Post by lmstearn » 19 Mar 2020, 08:47

Submitted two AHK (v1.1.32.00) files as per clean.zip (709.56 KiB) with a custom icon to VirusTotal that had only one line in each:

Msgbox Clean

One file was an MPress compilation, the other not.
For some AHK compilations, zipped MPress files were ignored by many vendors, sadly, the above scan doesn't just contain the usual suspects:
  • SecureAge APEX: Malicious
  • CrowdStrike Falcon: Win/malicious_confidence_60% (W)
  • Endgame: Malicious (moderate Confidence)
  • FireEye: Generic.mg.a6f7c4814f82f139
  • MaxSecure: Trojan.Malware.121218.susgen
  • McAfee-GW-Edition: BehavesLike.Win32.Downloader.dh
  • Zillya: Trojan.AutoHK.Win32.477
There's 13 more!
You know, after all these years, I'm convinced the only algorithm used in these virus detection programs is the Einstellung method.

Re: Report False-Positives To Anti-Virus Companies

Post by SOTE » 27 Jan 2020, 04:14

BarberH wrote:
27 Jan 2020, 02:53
Thus their list (for now and because it's not updated) is not as relevant for helping the AHK community combat false-positives. We should not want people submitting to vendors that will not help stop the false-positive problem

This statement is strange and it might be because of the English used, but can you clarify what you mean more?

Based on what I think you might be saying:

1. This list here is updated.
2. The list here reflects major AV companies that will have an impact.
3. People should submit false-positives to AV companies, because it's the only way to get them to update their databases or re-check.
4. Submitting false-positives does make a difference. I've had and seen companies update their databases.
5. You may also need to submit to many companies, not just one. AV companies can be blindly adding signatures or copying from other AV companies, without doing all the needed detailed research. Push-back from users and customers causes them to re-check and verify. Thus a list such as this is important for the AHK community.

In the case of Jiangmin, it's the right move for the AHK community to inform VirusTotal (Google) and have them put some pressure on Jiangmin (or any company doing wrong) to be responsive to users and make corrections about false-positives or VirusTotal admin (or Google the owner) will remove them from the VirusTotal list.

Re: Report False-Positives To Anti-Virus Companies

Post by jongyun24 » 14 Jan 2020, 19:57

I'm gonna wait for VirusTotal's return message.

Ana Tinoco (VirusTotal)
Jan 13, 6:09 AM PST
Hello,
I have just contacted Jiangmin. I'll keep you informed.
Regards,
Ana Tinoco - VirusTotal - www.virustotal.com
Have you tried the VirusTotal Graph?

Re: Report False-Positives To Anti-Virus Companies

Post by SOTE » 11 Jan 2020, 20:14

jongyun24 wrote:
10 Jan 2020, 00:40
I still send mail to Jiangmin 1~2 times a week about the false positive,
and one more to VirusTotal.

You are doing the correct thing. Hopefully, Jiangmin will respond and remove the false-positive or VirusTotal (Google) will take some action towards Jiangmin for not responding to users or for unreliability.

Re: Report False-Positives To Anti-Virus Companies

Post by jongyun24 » 10 Jan 2020, 00:40

I still send mail to Jiangmin 1~2 times a week about the false positive.
Please, VirusTotal, kick the foolish Chinese vaccine. And one more to VirusTotal.
Luck for everyone.

Re: Report False-Positives To Anti-Virus Companies

Post by SOTE » 09 Jan 2020, 15:15

According to many Internet reports and complaints, Jiangmin seems to ignore all e-mail addresses equally.

Re: Report False-Positives To Anti-Virus Companies

Post by jongyun24 » 08 Jan 2020, 21:09

2 weeks ago I sent a message to VirusTotal about Jiangmin.

Then they said this.

=▼= Virustotal Said =▼=
Hello,
Please, try to contact them at [email protected].
Regards,
Ana Tinoco - VirusTotal - www.virustotal.com
=▲= Virustotal Said =▲=

Re: Report False-Positives To Anti-Virus Companies

Post by smschulz » 01 Jan 2020, 08:18

I'm surprised Kaspersky is listed. They seem to be ok

Re: Report False-Positives To Anti-Virus Companies

Post by SOTE » 26 Dec 2019, 03:44

Jiangmin is very problematic, and appears to have been so for many years now. Huge number of reports all over the Internet of users not able to contact their support. The issue is with Google's VirusTotal using them. It might be better to contact Google's VirusTotal and request them to remove Jiangmin, since they have such problematic support issues and many false-positive reports.

VirusTotal Contributor List
https://support.virustotal.com/hc/en-us/articles/115002146809-Contributors

Contact for VirusTotal
https://www.virustotal.com/gui/contact-us

You can also join the VirusTotal Community, which will allow voting and commenting about reviews and results.
https://support.virustotal.com/hc/en-us/articles/115003457349-Join-Community

Re: Report False-Positives To Anti-Virus Companies

Post by jongyun24 » 25 Dec 2019, 19:38

For "AutoHotkey_1.1.32.00_setup.exe"

New Guys
● Rising Antivirus [[email protected] (RDML:8rBbJKRRbqbCJoUDGXKe6w)]
Report the false positive files from here: mailcenter.rising.com.cn/filecheck_en/ (broken link for safety)
* False positive - inquiry numbers: RS20191226084524270124, RS20200107141947700674

● Still a [false positive]: ☞ Jiangmin [Trojan.MSIL.npxv]
- Every mail is blocked... I used Google, Naver, Daum, Hotmail, and our company mail.
I think China does not allow other countries or something.

=======================================
Cleared - * Bkav [W32.AIDetectVM.malware1]
Cleared - * Antiy-AVL [Trojan/Win32.Wofith]
=======================================

I wanna use AutoHotkey in our company.
Coz our foolish IT security center only believes VirusTotal.

Re: Report False-Positives To Anti-Virus Companies

Post by SOTE » 19 Dec 2019, 05:31

jongyun24 wrote:
18 Dec 2019, 19:30
* Bkav [W32.AIDetectVM.malware1]

* Jiangmin [Trojan.MSIL.npxv]

* Antiy-AVL [Trojan/Win32.Wofith]

Thanks. List updated, see 1st post.

The AutoHotkey community must always stay vigilant. Google (VirusTotal owner) continues to make many agreements with Anti-Virus companies from all over the world, who have questionable practices in updating their databases and research. So it's also up to users to help and inform them when they are wrong.

Re: Report False-Positives To Anti-Virus Companies

Post by jongyun24 » 18 Dec 2019, 19:30

* Bkav [W32.AIDetectVM.malware1]
https www.bkav.com /contact-us Broken Link for safety

* Jiangmin [Trojan.MSIL.npxv]
Virus Lab:
Virus sample report email: [email protected]
White list report email: [email protected]
Sample exchange email: [email protected]
Website cooperation and content correction:
Phone: (010) 82511166 Email: [email protected]

Please fix that false positive!

▼ that's Fix it
* Antiy-AVL [Trojan/Win32.Wofith]
https www.antiy.net /contacts/ Broken Link for safety
False Positive
Email: [email protected]

Re: Report False-Positives To Anti-Virus Companies

Post by chrispeddler » 20 May 2019, 21:54

Thank you for the info. Will do take note of this.

Re: Report False-Positives To Anti-Virus Companies

Post by nnnik » 23 Apr 2019, 11:09

They are spam bots. Quite good ones too. Took us quite long to notice this.

Re: Report False-Positives To Anti-Virus Companies

Post by gregster » 23 Apr 2019, 09:57

SOTE wrote:
23 Apr 2019, 01:29
What are you talking about? McAfee has a false-positive procedure, where you inform them by e-mail, and they are included.

"Rachel" and "Maria" are both accounts that have connections to the same company (you can find it in their account details, see under "Website"). Other accounts with the same affiliation also made strange posts before and - from time to time - dropped a link or two (and some have been banned, iirc). They don't seem to be bots, but I strongly suspect that they mainly contribute something in order to advertize casually later and not because they have any real interest in the subject.

@mariafox and @RachelKieran, do you mind to elaborate on your strange posts here or are you ok with permanently closing your accounts?

Re: Report False-Positives To Anti-Virus Companies

Post by SOTE » 23 Apr 2019, 01:29

mariafox wrote:
23 Apr 2019, 00:52
Thank god that McAfee is not included above list, this is the best Antivirus ever because of its better performance & response. Good thing is there is no available option of false detection form.

What are you talking about? McAfee has a false-positive procedure, where you inform them by e-mail, and they are included.

Re: Report False-Positives To Anti-Virus Companies

Post by Sam_ » 18 Apr 2019, 06:02

RachelKieran wrote:
17 Apr 2019, 06:10
Antiviruses generally make the PC performance low and sometimes it even sends virus in your computer if you do not purchase the premium version of many software.

Please cite your sources. I'm interested to know where you are getting this information.

Re: Report False-Positives To Anti-Virus Companies

Post by SOTE » 14 Apr 2019, 04:54

gwarble wrote:
03 Apr 2019, 08:49
I also haven't used mpress (or upx) since like 2010, and still get false positives all the time on compiled scripts, so it may help but it is not a total solution. Some older versions (and simpler scripts) are 1 or 2 FPs on VirusTotal, some newer compiled ahk versions (and more complex, "invasive" but functional scripts) up to 11 false positives at the moment.

I also have major problems with "Microsoft Security Essentials" (which is effectively the same as Defender afaik) and programs I run and distribute throughout my workplace, even when explicitly permitted. Even though I don't bother with reporting users' complaints about false positives for EitherMouse anymore, I've started submitting to Microsoft my own internal company programs just so they stop getting deleted.

Some good points.

And we have to stay on these Anti-Virus companies, because arguably a lot of this drama is about laziness. High level programmers working at these Anti-Virus companies should have a much easier time analyzing an open source interpreted scripting language, in comparison to traditionally compiled languages or closed source, to determine if there is really a threat. There are a number of ways for them to see the script, even when "bound" to the open source executable. Just no excuse for the silliness that is taking place or out of control heuristic scanners labeling anything as a threat.
