Adlice forum

Software feedback => RogueKiller => Topic started by: chjohans on November 07, 2023, 04:26:17 PM

Title: False positive found
Post by: chjohans on November 07, 2023, 04:26:17 PM
I have a directory C:\Program Files (x86)\Tools where I have various downloaded tools; at the moment it just contains another directory with the tool "GPT fdisk", a command line partition tool: https://sourceforge.net/projects/gptfdisk/

The folder structure is "C:\Program Files (x86)\Tools\gdisk-windows-1.0.9".

Both RogueKiller and Adlice Diag will flag the *directory* "C:\Program Files (x86)\Tools" as possible malware (Adw.TopTools).

It puzzles me why you would flag a directory at all, without analyzing what's in that directory.

I just add "C:\Program Files (x86)\Tools\" to my exclusions, but that also means that if any possible future tools I put in there should contain anything suspicious then RogueKiller/Diag won't even try to catch that.

You might want to look into this.
Title: Re: False positive found
Post by: Curson on November 07, 2023, 06:11:27 PM
Hi chjohans,

Thanks for your feedback.

This is part of some old detection and should have been removed already.
The next signatures batch will not detect this any more.

Regards.
Title: Re: False positive found
Post by: chjohans on November 08, 2023, 05:05:51 PM
OK, thank you!
Title: Re: False positive found
Post by: Curson on November 08, 2023, 05:48:18 PM
Hi chjohans,

You are welcome.

Regards.