Adlice forum

Software feedback => RogueKiller PREMIUM => Topic started by: calamityjane on September 13, 2017, 07:46:48 pm

Title: Real or false positive?
Post by: calamityjane on September 13, 2017, 07:46:48 pm
Hi guys,

Today, after downloading RogueKiller V12.11.14.0 [Sep 11 2017] (Premium), this item was flagged under Memory (Processes):

Detection: MalPE.35
PID: 5228
Name: Palemoon-Portable.exe (signed by Markus Straver)
Path: E:\Pale Moon FOLDER\Palemoon-Portable.exe
VT Score: 1
Status: Found


Further,

For those readers unaware, Palemoon is a browser "clone", so to speak, of Mozilla Firefox.
I have been using the portable version on my E drive (flash) without any problems.
I have been "testing" it against my long-time Firefox browser, which I have been less and less thrilled with, over time.
So far, I have been happy with Palemoon and I hope that this detection is a false positive.

Please, please tell me this is not real.
Regards to all,
cj

P.S. My Palemoon browser was open when I ran the RogueKiller scan.

I will re-run with Palemoon closed, just to see if it sheds any light on this subject, and I'll report results ASAP.

Title: Re: Real or false positive?
Post by: Curson on September 13, 2017, 07:53:01 pm
Hi Calamity,

Thanks for your feedback. This is a false positive.
Could you please zip the file and attach it with your next reply? It will help us improve the MalPE engine.

Regards.

Title: Re: Real or false positive?
Post by: calamityjane on September 13, 2017, 08:44:50 pm
Sure thing, Curson.

As expected, no detection with Palemoon portable browser closed.

2 attachments enclosed.

Best regards,
cj

Title: Re: Real or false positive?
Post by: Curson on September 13, 2017, 09:52:11 pm
Hi Calamity,

Thanks for the report, but could you please attach the file itself?
This way, we can analyze it and fix the MalPE false positive.

Regards.