Other Software > Announce Your Software/Service/Product
SunsetScreen v1.0
BillR:
:huh: Metascan-online:
Filseclab Nov 25 2015 W32.InstalleRex.L.crhx
TotalDefense Nov 29 2015 Win32/Tnega.JOBKNaC
Zillya! Nov 29 2015 Backdoor.Poison.Win32.72429
:-\ VirusTotal (a growing list):
Panda PUP/TSULoader 20151129
Rising PE:PUF.InstallRex!1.9E4C [F] 20151129
TotalDefense Win32/Tnega.JOBKNaC 20151130
Zillya Backdoor.Poison.Win32.72429 20151130
;) Jotti:
ClamAV PUA.Win32.Packer.SetupExeSection [but then what isn't]
:o herdProtect [suspicious/Artemis/Tnega/...]:
Bkav
McAfee
McAfee Web Gateway
Panda
Reason Heuristics
Total Defense
Trend Micro House Call
Reason Heuristics (2nd)
I may have missed a few as several engines weren't available.
Presumed FP? (although anything "screensaver-ish" may be classified a PUP/PUA by definition -- albeit a sloppy one).
Two best lists I've found:
* http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm -- though I'm loathe to ever link there as I dislike the mods so much, Chiron deserves props for creating and frequently updating this almost comprehensive list
* https://www.opswat.com/blog/what-do-i-do-if-engine-detects-my-safe-file-threat -- needs updating but includes a few outside Chiron's ambit/Gizmo's' policy (What is the possessive of a name that is itself a possessive?)Those of you who actually author software and trip over this frequently may be able to suggest better resources.
Twinbee:
Haha, that's a good start to my day ;( Thanks for the info anyway. I've never been fond of virus checkers such as Norton or Mcafee due to hogging system resources, and trigger-happy false positives like this certainly don't help :o
I presume you downloaded straight from my site. Is it the portable version you checked or the installation version? I looked at the checksum of the online version versus the very original installation exe on my hard drive and thankfully the checksums match so the site hasn't been hacked or anything.
I wonder if an earlier version of SunsetScreen exhibits the same problems: http://www.skytopia.com/stuff/SunsetScreen_SetupV100.exe
Perhaps you can try that one in a couple of the major checkers there and let me know what you find. In terms of keeping the virus checkers happy, it seems like a losing battle, since I'm guessing any updates I do, and I'll have to resubmit again.
BillR:
Mouser's ScreenshotCaptor just ran afoul of hitmanPro.Alert (paid version).
Just lost the long post with details. :'(
hitmanPro.Alert encryption also breaks LastPass intermittently.
-----
I think I tested current install version from your site.
If memory serves:
old v100 - old vt (7 months ago) yes
old v100 - today vt more (but completely different than above??)
old v100 - today jotti ClamAV
old v100 - today MO yes (note, always check top and bottom of list at MO)
old v100 - today herdProtect 1 Reason Heuristic, but I suspect I will see 5 or 6 next time I run it. hP has to upload new files and then analyze them.
Don't know if you are familiar with each one of these but VirusTotal, jotti, and Metascan-Online each has an easy to use web interface that supports drag-n-drop or select file name.
For herdProtect, see the Reason Core Security site and go to Reason Labs menu item to check most recent results via hash to see the Reason Labs analysis (but not others??). I don't know of a way to submit an individual file for analysis. herdProtect is the predecessor to Reason Core Security.
Update -- Clarify wording; no substantive changes.
Update -- I would have lost the bet: hP results for v100 remain at 1: Reason Heuristic.
BillR:
Summary - v1.25 tested via 3 online meta-AV scanners. Avira CHANGED from positive to negative, :Thmbsup: a very positive sign
ClamAV was split 1 positive, 2 not. 4 other AVs positive. 50+ others null/negative.
A quick update on presumed false positives on SunsetScreen v1.25 released in August 2016, an ever better SunsetScreen.
http://www.skytopia.com/software/sunsetscreen/
---
VirusScan by Jotti
https://virusscan.jotti.org/en-US/filescanjob/a26gj94qsh
1/19 positive (as of Tues., Sept 8 )
ClamAV Sep 6, 2016 PUA.Win.Packer.SetupExeSection-1 [true of many utility downloads]
---
VirusTotal by Google
https://www.virustotal.com/en/file/b7f7ebb8baf439fe630380a970502945178203e73a3e3064b435015ebc8f5d4f/analysis/1473199738/
2/57 positive (as of Tues., Sept 8 )
Invincea virus.win32.parite.c 20160830
Rising Malware.Heuristic!ET (rdm+) 20160906
but note:
ClamAV [null/negative] 20160906
Avira (no cloud) [null/negative] 20160906
---
Metadefender [formerly Metascan-Online] by OPSWAT
https://www.metadefender.com/#!/results/file/88a9d04fba6f48d1b4976adea721c8b3/regular/analysis
3/42 positive (but 5 updating/not available so really 3/37)
(as of Friday, Sept. 2 )
Avira 2219 ms Sep 02 2016 (4 days ago) ADWARE/InstallRex.Gen
Filseclab 8282 ms Sep 02 2016 (4 days ago) W32.InstalleRex.L.crhx
TotalDefense 16 ms Sep 01 2016 (5 days ago) Win32/Tnega.JOBKNaC
but note:
ClamAV 2391 ms Sep 02 2016 (4 days ago) [null/negative]
---
Metadefender
2/42 (all engines reporting)
(as of Thursday, Sept. 8 )
Filseclab and TotalDefense remain positive but
Avira is now null/negative, as are the missing 5 engines from last week.
---
Slight differences in results for the same vendor between different online scanners and especially with installed AV products is to be expected (as all three sites say).
My personal observation is that ClamAV packer warnings are almost pointless while Filseclab and TotalDefense are prone to false positives. Rising was based on heuristic analysis.
UPDATE - Fixed "Sept. 8)" versus "Sept. 8 )"
Navigation
[0] Message Index
[*] Previous page
Go to full version