Author Topic: ===> False Positives <===  (Read 99032 times)

0 Members and 2 Guests are viewing this topic.

Reply #285October 30, 2018, 08:31:44 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2126
  • Reputation:
    77
    • View Profile
Re: ===> False Positives <===
« Reply #285 on: October 30, 2018, 08:31:44 pm »
Hi Photix,

You are welcome.

Regards.

Reply #286November 03, 2018, 12:16:04 am

coldi

  • Newbie

  • Offline
  • *

  • 19
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #286 on: November 03, 2018, 12:16:04 am »
Hi there, I may have stumbled upon a false positive again or at least an oddity. Version 13.0.6.0 seems to report the wmrprvse.exe as malware.

https://www.virustotal.com/#/file/b5c78bef3883e3099f7ef844da1446db29107e5c0223b97f29e7fafab5527f15/detection is the file in question - I add an archive with the report and the file. Strangely enough on a scan shortly afterwards it stopped detecting it.

Best regards

Reply #287November 03, 2018, 04:56:33 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2126
  • Reputation:
    77
    • View Profile
Re: ===> False Positives <===
« Reply #287 on: November 03, 2018, 04:56:33 pm »
Hi coldi,

Thanks for your feedback.
Could you please export the JSON version of the report detecting the process and attach it with your next reply ?

Regards.

Reply #288November 03, 2018, 09:51:47 pm

coldi

  • Newbie

  • Offline
  • *

  • 19
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #288 on: November 03, 2018, 09:51:47 pm »
Sure thing

Reply #289November 08, 2018, 08:23:11 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2126
  • Reputation:
    77
    • View Profile
Re: ===> False Positives <===
« Reply #289 on: November 08, 2018, 08:23:11 pm »
Hi coldi,

Thanks.
After much investigations, we were unfortunately unable to reproduce the issue, so we won't be able to fix it. Please don't hesitate to report it if it occurs again, so we have a chance to fix it.

Regards.

Reply #290November 22, 2018, 04:24:05 pm

bloodfx

  • Newbie

  • Offline
  • *

  • 5
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #290 on: November 22, 2018, 04:24:05 pm »
The new version of roguekiller keeps detecting windows\system32\consent.exe as proc.hidden and must be removed on windows 10 pro x64 latest build, is this a false positive?

Reply #291November 22, 2018, 04:38:50 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2126
  • Reputation:
    77
    • View Profile
Re: ===> False Positives <===
« Reply #291 on: November 22, 2018, 04:38:50 pm »
Hi bloodfx,

Thanks for your feedback.
Could you please attach RogueKiller JSON report showing this detection with your next reply ?

Regards.

Reply #292November 22, 2018, 05:13:23 pm

bloodfx

  • Newbie

  • Offline
  • *

  • 5
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #292 on: November 22, 2018, 05:13:23 pm »
This?

Reply #293November 22, 2018, 05:56:29 pm

bloodfx

  • Newbie

  • Offline
  • *

  • 5
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #293 on: November 22, 2018, 05:56:29 pm »
Not sure if the format was correct so uploaded as .json to

Reply #294November 22, 2018, 07:08:57 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2126
  • Reputation:
    77
    • View Profile
Re: ===> False Positives <===
« Reply #294 on: November 22, 2018, 07:08:57 pm »
Hi bloodfx,

Thanks, that's it.
This is a confirmed false positive. We will whitelist it as soon as possible.

Regards.

Reply #295November 22, 2018, 07:22:37 pm

bloodfx

  • Newbie

  • Offline
  • *

  • 5
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #295 on: November 22, 2018, 07:22:37 pm »
Wow that was fast great support, thanks :)

Reply #296November 22, 2018, 07:43:38 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2126
  • Reputation:
    77
    • View Profile
Re: ===> False Positives <===
« Reply #296 on: November 22, 2018, 07:43:38 pm »
Hi bloodfx,

You are very welcome.

Regards.

Reply #297November 25, 2018, 05:11:28 am

SilenceEngaged

  • Newbie

  • Offline
  • *

  • 3
  • Reputation:
    0
    • View Profile
tinyBuild Launcher possible false-positives
« Reply #297 on: November 25, 2018, 05:11:28 am »
I have stumbled upon a possible false positive when scanning with RoguKiller. It picks up two registry items from the tinyBuild Launcher, which is used to launch the PC game "Rapture Rejects". Attached is the TXT file from a RogueKiller Report...

Reply #298November 25, 2018, 04:01:32 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2126
  • Reputation:
    77
    • View Profile
Re: ===> False Positives <===
« Reply #298 on: November 25, 2018, 04:01:32 pm »
Hi SilenceEngaged,

Thanks for your feedback.
This is indeed a false positive. We will whitelist it as soon as possible.

Regards.

Reply #299December 06, 2018, 08:01:20 pm

SilenceEngaged

  • Newbie

  • Offline
  • *

  • 3
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #299 on: December 06, 2018, 08:01:20 pm »
Thanks for the prompt response! Sorry it took so long for me to respond. I was busy with the holidays. (Still am) I believe I have another false positive. This time, it is from AMD graphics card drivers.

 Also, a suggestion on it: VirusTotal uploads only come back positive if found to actually be something (Virus, what-have-you...) on VirusTotal.com