Report False-Positives To Anti-Virus Companies
Re: Report False-Positives To Anti-Virus Companies
According to many Internet reports and complaints, Jiangmin seems to ignore all e-mail addresses equally.
Re: Report False-Positives To Anti-Virus Companies
I still send mail to Jiangmin 1~2 times a week for the false positive.
Please, VirusTotal, kick the foolish Chinese vaccine, and one more send to VirusTotal.
Luck for everyone.
Re: Report False-Positives To Anti-Virus Companies
You are doing the correct thing. Hopefully, Jiangmin will respond and remove the false-positive or VirusTotal (Google) will take some action towards Jiangmin for not responding to users or for unreliability.
Re: Report False-Positives To Anti-Virus Companies
I'm gonna wait for VirusTotal's return message.
Ana Tinoco (VirusTotal)
Jan 13, 6:09 AM PST
Hello,
I have just contacted Jiangmin. I'll keep you informed.
Regards,
Ana Tinoco - VirusTotal - www.virustotal.com
Have you tried the VirusTotal Graph?
Re: Report False-Positives To Anti-Virus Companies
This statement is strange and it might be because of the English used, but can you clarify what you mean more?
Based on what I think you might be saying:
1. This list here is updated.
2. The list here reflects major AV companies that will have an impact.
3. People should submit false-positives to AV companies, because it's the only way to get them to update their databases or re-check.
4. Submitting false-positives does make a difference. I've had and seen companies update their databases.
5. You may also need to submit to many companies, not just one. AV companies can be blindly adding signatures or copying from other AV companies, without doing all the needed detailed research. Push-back from users and customers causes them to re-check and verify. Thus a list such as this is important for the AHK community.
In the case of Jiangmin, it's the right move for the AHK community to inform VirusTotal (Google) and have them put some pressure on Jiangmin (or any company doing wrong) to be responsive to users and make corrections about false-positives or VirusTotal admin (or Google the owner) will remove them from the VirusTotal list.
Re: Report False-Positives To Anti-Virus Companies
Submitted two AHK (v1.1.32.00) files as per
with a custom icon to VirusTotal that had only one line in each:
Code:
Msgbox Clean
One file was an MPress compilation, the other not.
For some AHK compilations, zipped MPress files were ignored by many vendors, sadly, the above scan doesn't just contain the usual suspects:
- SecureAge APEX: Malicious
- CrowdStrike Falcon: Win/malicious_confidence_60% (W)
- Endgame: Malicious (moderate Confidence)
- FireEye: Generic.mg.a6f7c4814f82f139
- MaxSecure: Trojan.Malware.121218.susgen
- McAfee-GW-Edition: BehavesLike.Win32.Downloader.dh
- Zillya: Trojan.AutoHK.Win32.477
You know, after all these years, I'm convinced the only algorithm used in these virus detection programs is the Einstellung method.
itros "ylbbub eht tuO kaerB" a ni kcuts m'I pleH
Re: Report False-Positives To Anti-Virus Companies
Yeah these companies have taken a lot of advantage of us
Re: Report False-Positives To Anti-Virus Companies
Sam_ wrote: ↑26 Mar 2019, 16:01
> More often than not, I have found that AV software tends to complain about compiled AHK scripts when they have been compressed with mpress. Apparently, overzealous AV software sees compressed EXEs as an attempt to hide or obfuscate ("malicious") code, which I find a shame. As a result, I have gone away from allowing the compiler to use mpress. Every now and then I'll still have a user report that some AV program complains about a compiled script (or experience it myself), but it's much more rare.
I'm really curious about that Sam? Here is my situation: I have a little automation tool that about 100 people are interested in using. Following your advice I use /mpress 0 to stop its compression. I then put it up on my Dropbox for them to download. As soon as they download, Chrome screams at them that this is dangerous software. If they dare to download it, their Anti-Virus (I mean "trusted crapware") screams at them that this is a virus and deletes the file. So now only half of the people dare to use the tool because they think I'm trying to install viruses on their systems.
Do you not all find the same if you try to distribute a compiled tool using Ahk2Exe? I've even heard there are people on here that have sold Autohotkey tools as commercial software. I fail to see how since all of the Anti-VirusCrapware tools go into full tantrum mode and delete-with-prejudice any tools that I try to give to people. Please teach me how to get around this if possible as it makes distributing Autohotkey tools depressingly difficult.
Re: Report False-Positives To Anti-Virus Companies
@roysubs
From a quick search, it appears Chrome uses the Google Safe Browsing API to determine if a download or site is malicious. You can read the articles on "Malware and Unwanted Software" and "Security Issues Report", however, submitting false positive reports doesn't appear to be straightforward.
Re: Report False-Positives To Anti-Virus Companies
Chrome is not Anti-Virus software. What is usually the case is they are focused on the website or weblink. The website or weblink has been reported as malware or Google's algorithm has determined the website is infected with malware or the weblink is pointing to such. Google's algorithm to determine if your weblink or website is hosting or pointing to malware is partially determined by VirusTotal (also owned by Google). How exactly Google comes to its conclusions is not exactly known and they keep it a secret from the public.
Keep in mind that a significant number of people might be reporting your software, website, or weblink as bad. To include as a prank, harassment tactic, or out of cluelessness about software. These reports can also be a factor in Google's determination. So you need to be clear about whether or not your software is or isn't malware, and be able to prove your case. Some people are clueless about software. This is on both sides. The author of the program (where the program is having unintended consequences) or those that receive the program (that are making false assumptions or false claims).
If you are a webmaster, you have a few options to dispute such a determination. Though keep in mind that your battle will usually and primarily be with Google, so you must use their website tools (https://developers.google.com/web/fundamentals/security/hacked/use_search_console). If you are not a webmaster and simply providing a link, this gets a bit harder. Below includes some alternatives for battling Google's determinations that might help.
https://www.stopbadware.org/request-review
StopBadware provides a so-called independent review process for your website or weblink to dispute Google's determinations.
https://www.virustotal.com/gui/contact-us
VirusTotal Online contact form. They are owned by Google, but it's possible that the IT personnel that maintain that site can be helpful.
Note: you should choose this option when submitting- My site/file has been improperly flagged as harmful (false positive)
https://safebrowsing.google.com/safebrowsing/report_error/?hl=en
You can report that Google has made a mistake in their determination. It says incorrect phishing warning, but can also be used for false-positives (to include links) and wrongful determinations.
https://support.google.com/chrome/community?hl=en
You might get the attention of Google staff that handle Chrome by posting a complaint, and where others join in to add their similar complaints.
Google Feedback
You can often find it at the bottom of a Google related page that you are on. Often, this is like putting a message in a bottle and throwing it in the ocean, as Google doesn't usually give a direct human response. Often it's more a "feel better" to ventilate anger over Google shenanigans. But, if enough people are complaining about the same things, this does seem to trigger Google algorithms so that eventually a human might look at the group of complaints.
If you are a webmaster, the usual tool to battle Google's determinations is Google Search Console.
https://search.google.com/search-console/about
Re: Report False-Positives To Anti-Virus Companies
Hello, I have been getting the following message for about 2 weeks with Windows Defender. It is a script which I have written with autohotkey.
See Attachment. What can I do?
Re: Report False-Positives To Anti-Virus Companies
If you think it's a false positive (which I would assume, if it wasn't infected unluckily on your computer by some third-party malware), you can report the script to Microsoft, so that they can improve their heuristics. Please see https://www.autohotkey.com/boards/viewtopic.php?f=17&t=62266#p264913 Unfortunately, AHK experiences a lot of problems with false positives.
If you are reasonably sure that it is a false positive, you could create an exception for it in Windows Defender, and start using it again. Whatever you do, act reasonably and at your own risk.
Re: Report False-Positives To Anti-Virus Companies
PIcard_1983 wrote: ↑11 May 2020, 06:02
> Hello, I have been getting the following message for about 2 weeks with Windows Defender. It is a script which I have written with autohotkey.
> What can I do?
You should read the 1st post. Other people don't know where you got the file from, know about any strange code that a person might be sending to others, nor have the same issue. The most direct course of action is for you to submit the file to Microsoft. You didn't have to wait for 2 weeks, it's something that you can do immediately.
Microsoft Online Submission for False-Positives: https://www.microsoft.com/en-us/wdsi/filesubmission
Note- Most people will need to select "Home customer" and then "Continue". Will give tracking of Microsoft's decision.
What would be helpful to the community is that you tell us about what version of the AutoHotkey interpreter that you are using, where you got it from, possibly a sample of the script that you wrote that might be causing the issue. This, of course, is up to you as to which or none that you would like to do. Though it would be good to know what Microsoft says about the file you submit.
Re: Report False-Positives To Anti-Virus Companies
I notified MaxSecure, who thought Autohotkey.exe was harmful, with this mail. They said it would be resolved in the next update.
info@maxpcsecure.com
Re: Report False-Positives To Anti-Virus Companies
An antivirus that has just joined VirusTotal has detected Autohotkey as harmful.
I reported False Positives from this link.
https://www.secureaplus.com/features/antivirus/report-false-positive/
Re: Report False-Positives To Anti-Virus Companies
@hasantr
Good job, Hasantr. It's amazing how low quality the companies being accepted to VirusTotal are. If you can't figure out an open-source scripting language interpreter with all of its source code freely available on GitHub is not malware, then there is something very wrong.
Re: Report False-Positives To Anti-Virus Companies
SOTE wrote: ↑11 May 2020, 06:49
>> PIcard_1983 wrote: ↑11 May 2020, 06:02
>> Hello, I have been getting the following message for about 2 weeks with Windows Defender. It is a script which I have written with autohotkey.
>> What can I do?
> You should read the 1st post. Other people don't know where you got the file from, know about any strange code that a person might be sending to others, nor have the same issue. The most direct course of action is for you to submit the file to Microsoft. You didn't have to wait for 2 weeks, it's something that you can do immediately.
> Microsoft Online Submission for False-Positives: https://www.microsoft.com/en-us/wdsi/filesubmission
> Note- Most people will need to select "Home customer" and then "Continue". Will give tracking of Microsoft's decision.
> What would be helpful to the community is that you tell us about what version of the AutoHotkey interpreter that you are using, where you got it from, possibly a sample of the script that you wrote that might be causing the issue. This, of course, is up to you as to which or none that you would like to do. Though it would be good to know what Microsoft says about the file you submit.
Ok, many thanks. Autohotkey-Version: v1.1.32.00
I'll report it to Microsoft. I wrote the script myself. It runs a menu in the taskbar and accesses some file links on different network drives. Nothing more. It's just a support. Let's see what Microsoft says.
Re: Report False-Positives To Anti-Virus Companies
Thank you tank and SOTE. It's nice to have people to be so attached to their community.
Personally, I don't bother sending false positives to AV companies. Because I think it's none of their business what I do with my files on my computer.
I just excluded the folder containing my scripts from scanning. In my opinion these scripts are more suspicious for them if they are just lurking somewhere, especially in the Start up folder. Once the scripts are being executed there seems to be no problem.
Re: Report False-Positives To Anti-Virus Companies
slechtwere wrote: ↑23 Jun 2020, 07:54
> ...Personally, I don't bother sending false positives to AV companies. Because I think it's none of their business what I do with my files on my computer. I just excluded the folder containing my scripts from scanning... Once the scripts are being executed there seems to be no problem.
Thanks for your support. However, I think you might be missing the point of why it's important to report false-positives and are advocating for something that is detrimental to the community. It's not simply or only about you or I. It's about poorly run AV companies and competing parties accidentally or purposely mislabeling the software we use and rely on, which then escalates into problems for AHK users in general.
True, you can probably create an exception for yourself. However, if you use the software in a school, business, work, or give it to friends that is a different situation. Those people using the software might not have:
1) The administrative access to create an exception
2) The technical knowledge to know what to do
3) The confidence to allow the software to run or give it permission based on fears and perceived negative reputation
In addition, being mislabeled as malware, tends to have an escalating effect. As has been shown in the past, you can have web browsers, websites that host software, e-mail servers, and public opinion involved. For example, you can have the software on your website mislabeled as malware, and then get unexpectedly blocked by Chrome and Firefox. Allowing AV companies to wrongfully mislabel an entire scripting language can lead to bad surprises at the wrong time and unexpected consequences. Other examples are companies or schools not wanting programs coded in that particular scripting language, due to wrongful negative opinions, thus decreasing opportunities for those that code in that language or negatively affecting the projects they are involved in.
So it's more than just being about only ourselves, it's about the AHK community in general, reputation, public opinion, and proper business practices. Reporting false-positives helps all of us, and acts as a counter-balance to bad actors and AV companies being unscrupulous or involved in bad business practices.