===> False Positives <===

[techknowledge]

I change the script frequently.
Is the file pattern something I can set on my side?

[Tigzy]

Hey,
We've actually fixed it on our side, it will be in next release.
Regards,

[Mops21]

Hi

Can you check this 1 File please

With best Regards
Mops21

[Curson]

Hi Mops21,

Thanks for your feedback.
This file will be investigated as soon as possible.

Regards.

[Mops21]

Hi

Thank you very much for your Infos

Any new Infos about this availöable

And here is the Homepage of the product for you the Version 5 is in Beta available for that you must contact them for it

https://xvirus.net/xvirus-personal-firewall

With best Regards
Mops21

[Curson]

Hi Mops21,

This file is detected by MalPE, an heuristic-based detection engine.
It's quite hard to say what triggered the detection, and we are in the process of rewriting the heuristic model used by MalPE, so a fix probably won't be released shortly.

That being said, for the time being, I suggest you to exclude Xvirus Personal Firewall installer and related files using RogueKiller "Exclusion" module.

Regards.

[Mops21]

Hi

Thank you very much for your Infos

Any new Infos about the Xvirus File available

And can you check the 2 File from the Xsec Antivirus please too

https://www.sendspace.com/file/5pr7wp

And here is the Homepage of it for you

https://www.xsecantivirus.com/

https://www.xsecantivirus.com/support/contact.aspx

With best Regards
Mops21

[Curson]

Hi Mops21,

No fix for this specific detection was released, yet.
The two files you submitted trigger MalPE the same way the installer do. The new model should also get rid of these false positives as well.

Regards.

[Ashazy1234]

Yeah.Dont post the same problem again and again.

[graphixillusion]

Hi there. I'm reporting this false positive. This process/service is the Stablebit Scanner for hdd health monitoring.

Here the official site:
https://stablebit.com/Scanner

This is the roguekiller log:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Cloud.Generic (Malicious)] Scanner.Service.Native.exe (4780) -- C:\Program Files (x86)\StableBit\Scanner\Service\Scanner.Service.Native.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Cloud.Generic (Malicious)] ScannerServiceNative (4780) -- "C:\Program Files (x86)\StableBit\Scanner\Service\Scanner.Service.Native.exe" -> Found

Thank you!

[Curson]

Hi graphixillusion,

Thanks for your feedback.
Could you please attach the JSON report with your next reply ?

Regards.

[graphixillusion]

Could you please attach the JSON report with your next reply ?

Sure. Here the interesting part in JSON format.

[Curson]

Hi graphixillusion,

Thanks for your feedback.
We will whitelist it as soon as possible.

Regards.

[Mops21]

Hi

Can you check These 2 Files please

https://www.reviversoft.com/de/start-menu-reviver/

With best Regards
Mops21

[Curson]

Hi Mops21,

Thanks for your feedback.
ReviverSoft is a known company to distribute many "optimisation" software. It's not a false positive.

Regards.