ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Special User Sections > DC Website Help and Extras

Websense (Directly and via VirusTotal) - DonationCoder is Malicious

<< < (2/3) > >>

tomos:
Has anyone found a way to report a false positive to these Websense jokers?  It never ceases to amaze me how these security services have no problem classifying things as malware for no reason and then make it almost impossible to contact them to have it corrected.
-mouser (January 19, 2014, 07:30 PM)
--- End quote ---

towards the top of the page -- under "Classification" there's a link "suggest different classification".

That's bizzare -- it's an incredibly specific report -- I wonder did they get two different reports mixed up or someting :-\

BillR:
Has anyone found a way to report a false positive to these Websense jokers?  It never ceases to amaze me how these security services have no problem classifying things as malware for no reason and then make it almost impossible to contact them to have it corrected.
-mouser (January 19, 2014, 07:30 PM)
--- End quote ---

I've found reporting any reputation/blacklist false positives quite painful.   :(  In some cases I can't request a review unless I'm registered but registration requires a non-hotmail/gmail/... and non-mailinator/... account and a business phone and review/approval by the marketing(?) dept. OR purchasing the software.  In another, I had to resort to private correspondence with the contractor supporting the blacklist site (found his email from a different project years ago) because my email address was improperly treated as blacklisted on the registration page (a configuration/programming error triggered a review) and of course I couldn't use the website contact admin form to report a problem because I was under review.

Mouser and other authors, if you don't already, you might try submitting any published program version to the three AV meta-scan sites VirusTotal, Jotti.org, and Metascan-Online just to see if there is a problem and to get the (slow?!) review process started.  Between them they cover at least 25 *nix and MS Windows-based antimalware engines plus another three dozen Windows-based engines (although many primarily use signatures from one of the same few sources like BitDefender).  Most of these are primarily/just signature oriented.  Won't guarantee AV-conflict-free installations with actual installed antimalware products but I assume it should help.  

Mouser or others may disabuse me of the efficacy of this idea, of course. For example the new freeware-ish version of XYplorer (a great file manager) is still listed as malware by four engines a couple of weeks later.

The best summary of how to report file false positives that I know about is by Chiron on TechSupportAlert (please chime in if you know of other good ones, especially any that automate reporting!):

http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm

tomos
towards the top of the page -- under "Classification" there's a link "suggest different classification".
-tomos (January 19, 2014, 08:42 PM)
--- End quote ---
Yes, tried that.  Don't expect it to work since I think the real problem is the evaluation of the file.  Of Jotti (~25 engines), VirusTotal (48), and Metascan-Online (40) only Antiy flags FARR. (Antiy FP review already requested.)

BTW, URLvoid also passes DC site as a whole.

40hz:
It's only a matter of time before one of these self-appointed watchdogs gets hauled into court for defamation and damages.

You can't just label something malicious or suspicious and not take responsibility for your actions. Or in cases like this, not to take appropriate action when in error.

mouser:
The best summary of how to report file false positives that I know about is by Chiron on TechSupportAlert (please chime in if you know of other good ones, especially any that automate reporting!):

http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm
--- End quote ---

Another awesome page on techsupportalert, thanks for that  :up:

mouser:
From websense email reply:

Hello,

The site you submitted has been reviewed and determined safe for browsing. The site will resume its filtering under the following category:

http://www.donationcoder.com/Software/Mouser/findrun/downloads/FindAndRunRobotSetup.exe  – Information Technology

Categorization updates should be reflected in the next scheduled database publication, and will be available shortly to Real-Time Updates subscribers.

Thank you for your inquiry,

Samana
Websense Labs
--- End quote ---

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version