Kapersky reports trojan in CH&S 2.41

[malislaw]

I am getting a trojan detection from Kapersky when installing 2.41.   This is not detected when I re-install 2.39.  See attached screenshot.

Kapersky reports trojan in CH&S 2.41

[mouser]

Thanks for reporting it.

How weird..  It's definitely a false positive.

Always pays to be paranoid though.

I uploaded the exe (as anyone should if you ever get a virus report), to virustotal, to run antivirus using tons of engines, and here are the results:

https://www.virustot...982a808eca/analysis/

Kapersky reports trojan in CH&S 2.41

So 1/61 meaning that one crazy antivirus is malfunctioning and complaining about something it is imagining that is not real.

[mouser]

Hopefully kaspersky will fix the false positive in the next day or two before others get scared.

[wraith808]

Hopefully kaspersky will fix the false positive in the next day or two before others get scared.

-mouser (March 25, 2017, 03:02 PM)

Did you report it to them?

[mouser]

I shall try.

[malislaw]

Resolved - Virustotal now clears it in all 61 tests, and an updated Kapersky database lets it install and run.  All set!

[mouser]

Excellent.  Thanks for the initial report and the update 

[IainB]

@mouser:
As I wrote here:

Storm in a teacup.
But an example of how Trend Micro and other so-called "AV" (Anti-Virus) companies have been deftly digging a hole for themselves with this nonsense, then obligingly filled it in on  top of themselves. Self-destructive and well-earned.
Meanwhile, Microsoft Defender (AKA MS Security Essentials) laughing all the way to the bank as businesses get the message...
_________________________

-IainB (March 30, 2017, 05:15 AM)

Could I suggest, that you, as a developer, could sidestep any future artificial dependency on these idiot AV false positives and forestall your having to go to them, literally cap-in-hand, to request that they please correct their mistakes. This would be by the simple expedient of releasing all future versions in files with a checksum (file hash) - e,g, using CRC32, MD5, SHA-1, SHA-256, etc.).

I would also suggest that the user dump whatever time-wasting false-positive AV they are using, in favour of MS Security Essentials. As a consequence, there would probably be very few of these unproductive discussion threads active any more.
Problem solved?   

[Stoic Joker]

I would also suggest that the user dump whatever time-wasting false-positive AV they are using, in favour of MS Security Essentials. As a consequence, there would probably be very few of these unproductive discussion threads active any more.

-IainB (March 30, 2017, 08:35 PM)

While MSE is still my favorite, it's no angel. It FP'd on me a few weeks back on a copy of f0dder's FSekrit I'd been using for years on 5 different machines.

[MilesAhead]

While MSE is still my favorite, it's no angel. It FP'd on me a few weeks back on a copy of f0dder's FSekrit I'd been using for years on 5 different machines.

-Stoic Joker (March 31, 2017, 06:30 AM)

In AHK a standard technique for remapping keys is to check for some condition, then if it doesn't apply resend the same keystrokes.  To avoid an infinite loop a keyboard hook is used to detect when the key combination is actually coming from the hardware.  That alone is enough to trigger many of these AV scanners as detecting a key logger.  My hope is that the situation will become so ridiculous that the invalidity of the whole concept of AV will filter down to the typical computer users.  So far I have not seen any formula posted how many good scans it takes to offset one bad scan.  If you line up hundreds of scanners there's bound to be a bad scan in there somewhere.

Maintenance on the machine is becoming the primary purpose of the machine it seems.  Get your computing in using one hour per day because the other waking hours will be consumed maintaining the system. 

[cranioscopical]

Maintenance on the machine is becoming the primary purpose of the machine it seems.  Get your computing in using one hour per day because the other waking hours will be consumed maintaining the system.

-MilesAhead (March 31, 2017, 06:58 AM)

Ain't that the truth!

Never mind, the Creator's update will change all that for Win10 - not fix it, just change it 

[IainB]

...While MSE is still my favorite, it's no angel. It FP'd on me a few weeks back on a copy of f0dder's FSekrit I'd been using for years on 5 different machines.
__________________

-Stoic Joker (March 31, 2017, 06:30 AM)

Oh yes, and MSE does occasionally give annoying false positives on stuff that one has had on one's PCs for years with no prior adverse report from MSE. The workaround is to tell MSE that that particular file is an Allowed item.
My experience is that MSE gives fewer false positives than most of the other AV packages I have used.
I had put that down to the MSE developers possibly doing a more thorough job of virus signature detection than the developers of other AV software.
All this "Oh noes! The sky is falling!" and running around frantically every time there's a false positive on a downloadable software is both unproductive and time-wasting, and it puts the onus on the developer to jump through bureaucratic hoops to lodge an appeal against the false (in error) AV verdict. What ruddy cheek!
No, the responsibility more correctly lies with the AV developer to ensure that they only release bug-free, tested AV products in the first place. That testing won't exactly be rocket science, and they should have a suitably-designed testing regime for it. It will therefore probably be  a semi-automated, defined process and one which will be operating in statistical control, so they will be able to distinguish between constant cause errors and special cause errors, and thus be able to predict the former with differing levels of confidence, and mitigate against those particular risks. That's kinda like Statistics 101. As I said, it "..won't exactly be rocket science".

If they don't take that responsibility, then they are effectively just distributing the AV software in a Beta state all the time, trusting to luck and expecting the users to do their testing for them "in production", as it were.

[IainB]

Maintenance on the machine is becoming the primary purpose of the machine it seems.  Get your computing in using one hour per day because the other waking hours will be consumed maintaining the system.
____________________

-MilesAhead (March 31, 2017, 06:58 AM)

Yes, and for a long time that seems to have increasingly been the case with each new release of Windows. We are all apparently being used as perpetual unpaid Beta testers for each release of the MS Windows OS - in fact we effectively pay for the privilege, in buying the licence.
Microsoft's task thus becomes to develop and release buggy pre-production software for Beta testing. A while back I was talking with a retired aeronautical engineer from McDonell-Douglas/Boeing who recalls how, in the old days, they used the Microsoft DOS OS and found bugs in it whilst using it to develop advanced computerised control systems for warplanes and commercial aircraft. Every time they found a bug, they would report it to MS, and would promptly get an updated (new) version of the OS, with the bug removed - "After a while doing this, it became pretty evident to us that we were acting as Bill Gates' unpaid outsourced development and testing team and that we had probably become indispensable to him."   

I don't recall that being a problem with Apple computers...so there's probably a price trade-off somewhere.

[irishatheist]

Ditto,
And despite white listing, it gets blocked for "Suspicious behaviour".
This only happening under 64bit Windows 10, not on 32bit Windows 10, but there's plenty of other differences between the systems, but both have the same Kaspersky.