Other Software > Announce Your Software/Service/Product

SunsetScreen v1.0

<< < (2/2)

BillR:
:huh: Metascan-online: 
Filseclab Nov 25 2015  W32.InstalleRex.L.crhx  
TotalDefense Nov 29 2015 Win32/Tnega.JOBKNaC  
Zillya! Nov 29 2015 Backdoor.Poison.Win32.72429   

:-\ VirusTotal (a growing list): 
Panda  PUP/TSULoader  20151129 
Rising  PE:PUF.InstallRex!1.9E4C [F]  20151129 
TotalDefense  Win32/Tnega.JOBKNaC  20151130 
Zillya  Backdoor.Poison.Win32.72429  20151130 

;) Jotti: 
ClamAV PUA.Win32.Packer.SetupExeSection  [but then what isn't]

:o herdProtect [suspicious/Artemis/Tnega/...]: 
Bkav
McAfee
McAfee Web Gateway
Panda
Reason Heuristics
Total Defense
Trend Micro House Call
Reason Heuristics (2nd)
I may have missed a few as several engines weren't available.
  Presumed FP? (although anything "screensaver-ish" may be classified a PUP/PUA by definition -- albeit a sloppy one).

Two best lists I've found:

* http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm  -- though I'm loathe to ever link there as I dislike the mods so much, Chiron deserves props for creating and frequently updating this almost comprehensive list
* https://www.opswat.com/blog/what-do-i-do-if-engine-detects-my-safe-file-threat -- needs updating but includes a few outside Chiron's ambit/Gizmo's' policy (What is the possessive of a name that is itself a possessive?)Those of you who actually author software and trip over this frequently may be able to suggest better resources.

Twinbee:
Haha, that's a good start to my day ;( Thanks for the info anyway. I've never been fond of virus checkers such as Norton or Mcafee due to hogging system resources, and trigger-happy false positives like this certainly don't help :o

I presume you downloaded straight from my site. Is it the portable version you checked or the installation version? I looked at the checksum of the online version versus the very original installation exe on my hard drive and thankfully the checksums match so the site hasn't been hacked or anything.

I wonder if an earlier version of SunsetScreen exhibits the same problems: http://www.skytopia.com/stuff/SunsetScreen_SetupV100.exe

Perhaps you can try that one in a couple of the major checkers there and let me know what you find. In terms of keeping the virus checkers happy, it seems like a losing battle, since I'm guessing any updates I do, and I'll have to resubmit again.

BillR:
Mouser's ScreenshotCaptor just ran afoul of hitmanPro.Alert (paid version).
Just lost the long post with details. :'(

hitmanPro.Alert encryption also breaks LastPass intermittently. 
-----
I think I tested current install version from your site.

If memory serves:
old v100 - old vt (7 months ago) yes
old v100 - today vt more (but completely different than above??)
old v100 - today jotti ClamAV
old v100 - today MO yes  (note, always check top and bottom of list at MO)
old v100 - today herdProtect 1 Reason Heuristic, but I suspect I will see 5 or 6 next time I run it.  hP has to upload new files and then analyze them.

Don't know if you are familiar with each one of these but VirusTotal, jotti, and Metascan-Online each has an easy to use web interface that supports drag-n-drop or select file name. 

For herdProtect, see the Reason Core Security site and go to Reason Labs menu item to check most recent results via hash to see the Reason Labs analysis (but not others??).  I don't know of a way to submit an individual file for analysis.  herdProtect is the predecessor to Reason Core Security.

Update -- Clarify wording; no substantive changes.
Update -- I would have lost the bet: hP results for v100 remain at 1: Reason Heuristic.

BillR:
Summary - v1.25 tested via 3 online meta-AV scanners.  Avira CHANGED from positive to negative, :Thmbsup:  a very positive sign
ClamAV  was split 1 positive, 2 not.  4 other AVs positive.  50+ others null/negative.

A quick update on presumed false positives on SunsetScreen v1.25 released in August 2016, an ever better SunsetScreen.
http://www.skytopia.com/software/sunsetscreen/
---
VirusScan by Jotti
https://virusscan.jotti.org/en-US/filescanjob/a26gj94qsh
1/19 positive (as of Tues., Sept 8 )
ClamAV     Sep 6, 2016      PUA.Win.Packer.SetupExeSection-1   [true of many utility downloads]
---
VirusTotal by Google
https://www.virustotal.com/en/file/b7f7ebb8baf439fe630380a970502945178203e73a3e3064b435015ebc8f5d4f/analysis/1473199738/
2/57 positive (as of Tues., Sept 8 )
Invincea          virus.win32.parite.c                20160830
Rising             Malware.Heuristic!ET (rdm+)   20160906
but note:
ClamAV             [null/negative]                     20160906
Avira (no cloud) [null/negative]                     20160906
---
Metadefender [formerly Metascan-Online] by OPSWAT
https://www.metadefender.com/#!/results/file/88a9d04fba6f48d1b4976adea721c8b3/regular/analysis
3/42 positive (but 5 updating/not available so really 3/37)
(as of Friday, Sept. 2 )
Avira           2219 ms      Sep 02 2016 (4 days ago)         ADWARE/InstallRex.Gen 
Filseclab      8282 ms      Sep 02 2016 (4 days ago)         W32.InstalleRex.L.crhx 
TotalDefense   16 ms      Sep 01 2016 (5 days ago)         Win32/Tnega.JOBKNaC 
but note:
ClamAV       2391 ms      Sep 02 2016 (4 days ago)         [null/negative]
---
Metadefender
2/42 (all engines reporting)
(as of Thursday, Sept. 8 )
Filseclab and TotalDefense remain positive but
Avira is now null/negative, as are the missing 5 engines from last week.
---
Slight differences in results for the same vendor between different online scanners and especially with installed AV products is to be expected (as all three sites say). 
My personal observation is that ClamAV packer warnings are almost pointless while Filseclab and TotalDefense are prone to false positives.  Rising was based on heuristic analysis.

UPDATE - Fixed "Sept. 8)" versus "Sept. 8 )"

Navigation

[0] Message Index

[*] Previous page