ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

antivirus false postives - let's do someting about it

<< < (3/3)

mrainey:
For me, avast! is about as friendly and trouble-free as it gets.

Stephen66515:
False positives are always a problem, and have always been around.

Even things as simple as a note's application can trigger an AV to go nuts and freeze your computer until it 'fixes it'

Norton is the worst for this.  Dunno about recently, but the versins I used in the past sometimes got a little confused and deleted hugely important files.  One time deleting the entire System32 folder, casing obvious problems, and another time it tryed to quarentine the whole Windows folder (Directly after a fresh format, and installing AV from official CD)...so nothing bad could have possibly been on the system...except the obvious...Norton

AV companies don't care about these problems, and in fact, most of the time, quite useful tools to have, just a shame that if you have made your own DLL's and they don't recognise them, or the coding is slightly odd, but safe, it will jump on them and call them MALICIOUS or TROJAN or KEYLOGGER...even if the file is actually part of the splash screen loading procedure...stupid imho

**edit below**

Just been searching randomly through really old posts, and found this:

Hi Folks,

  In notice there is another recent thread about false positives, and it has really jumped to the forefront of difficulties.  I recently ran the A-squared free scanner and Malwarebytes, and had with A2 a rather interesting false positive situation.

(My Malwarebytes and Avira are pretty happy with my system, this was my first attempt with Malwarebytes and A2 - Malwarebytes lived up to promise, Wilder's folks generally speak quite highly of the scan, and MB's findings were neatly confirmed by Avira, which popped up when MB hit its files .. I barely knew I had memory-resident scanning on from Avira.)

  All the information (which you might find boring or interesting) can be found through this thread on EMSI, which links to my earlier thread on Gladiator, which is simply 3 posts of mine.

http://forum.emsisoft.com/Default.aspx?g=posts&m=28183&#28183
Trace.File.SpyPc 8.0 - Trace.Registry.SpyPc 8.0 (look like false positives)

  There seems to be a type of institutional ossification so that these companies - even the better ones like Emsi - do not know how to get false positives out of their system on the less-publicized cases. They look at each file in an atomistic analysis level, not caring about where it came from, how it is used, the history etc.  Not thinking it through.

   Incidentally I had to develop my technique for finding the source of the file, which some here might find interesting.  Using file properties, you find when it was installed on your system, then searching (I searched folder creation dates in Total Commander) you can often find out when and where a file came on your system.  It might be nice to have a  program that helps with such issues more directly (if you use a snapshot installer it might be a start) but in the real-world my method probably will work in many cases.  I never did check if registry entries are similar date-stamped.

   Oh, I had to puzzle around a little bit on how to search, it seems like the search programs often do not work files based on placed-on-system date (whatever they call it, it is not the file creation date). That is why I switched to folder searching, then looked at individual files .. while I would have preferred a file search.

   Incidentally, all this does not mean that we are unaware about problems like .dll-injection - you can't always tell just by the name of a file, one reason the executable protector programs are an interesting realm of protection .. most of all,  know your own system reasonably well.

  Oh, another point of special interest.  After I traced down the file origin (totally legitimate) I found a McAfee (!) confirmation that this program installs this file.

http://www.siteadvisor.pl/sites/convar.com/downloads/8652414/
PC Inspector task manager 3.00.000 (pci_uk_taskmanager.exe)

  Which makes me want to look around at the McAfee logs of programs I am thinking of installing. In general, if they have done this for the program. Do others do similar logs ? Dunno.
 
Shalom,
Steven Avery
-Steven Avery (April 04, 2009, 06:53 AM)
--- End quote ---

That was posted: April 04, 2009

Navigation

[0] Message Index

[*] Previous page

Go to full version