Author Topic: ===> False Positives <===  (Read 351608 times)

0 Members and 3 Guests are viewing this topic.

Reply #330February 14, 2019, 03:32:05 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #330 on: February 14, 2019, 03:32:05 PM »
Hi Mops21,

It's safe.
Regards.

Reply #331February 15, 2019, 11:13:44 AM

Mops21

  • Jr. Member

  • Offline
  • **

  • 64
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #331 on: February 15, 2019, 11:13:44 AM »
Hi Curson

Thank you very much for your Infos

With best Regards
Mops21

Reply #332February 15, 2019, 11:56:32 AM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #332 on: February 15, 2019, 11:56:32 AM »
Hi Mops21,

You are very welcome.

Regards.

Reply #333February 15, 2019, 12:23:46 PM

Mops21

  • Jr. Member

  • Offline
  • **

  • 64
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #333 on: February 15, 2019, 12:23:46 PM »
Hi Curson

Thank you very much for your Infos

Can you check this too

The signature are from 10.02.2019 but we have in Germany 15.02.2019 please check and fix

With best Regards
Mops21

Reply #334February 15, 2019, 03:44:45 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #334 on: February 15, 2019, 03:44:45 PM »
Hi Mops21,

You are welcome.
We had an issue with the signatures package. This will be fixed as soon as possible.

Regards.

Reply #335February 16, 2019, 12:16:26 PM

Mops21

  • Jr. Member

  • Offline
  • **

  • 64
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #335 on: February 16, 2019, 12:16:26 PM »
Hi Curson

Thank you very much for your Infos

With best Regards
Mops21

Reply #336February 18, 2019, 12:18:27 PM

Mops21

  • Jr. Member

  • Offline
  • **

  • 64
  • Reputation:
    0
    • View Profile

Reply #337February 18, 2019, 07:02:44 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #337 on: February 18, 2019, 07:02:44 PM »
Hi Mops21,

There is no need for you te report all [Hj.Shortcut] detections.

For the time being, every URL which is not explicitly whitelisted will be reported as such.
We are in the process to change this behaviour, so only malicious websites will be reported as [Hj.Shortcut] in the future.

The issue with the signatures package is now solved.

Regards.

Reply #338February 22, 2019, 10:25:05 PM

randzonen

  • Guest
Re: ===> False Positives <===
« Reply #338 on: February 22, 2019, 10:25:05 PM »
Pls fix this false positive. Insync is a legit program

https://www.insynchq.com/

Reply #339February 23, 2019, 02:00:11 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #339 on: February 23, 2019, 02:00:11 PM »
Hi randzonen,

Thanks for your feedback.
Insync will be whitelisted in next signatures package.

Regards.

Reply #340February 26, 2019, 01:21:12 PM

Lemonsfluffynoodles

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #340 on: February 26, 2019, 01:21:12 PM »
Is this a false positive google chrome keeps showing as pum.homepage even after removing and clean installing chrome?

Reply #341February 27, 2019, 01:08:41 PM

Lemonsfluffynoodles

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #341 on: February 27, 2019, 01:08:41 PM »
any update?

Reply #342February 27, 2019, 10:22:54 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #342 on: February 27, 2019, 10:22:54 PM »
Hi Lemonsfluffynoodles,

Welcome to Adlice.com Forum and thanks for your feedback.
Yes, it's a false positive. It should be fixed in latest signatures package release.

Regards.

Reply #343March 03, 2019, 01:50:03 AM

bentaa

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #343 on: March 03, 2019, 01:50:03 AM »
Hello, are these false positives?

RogueKiller Anti-Malware V13.1.6.0 (x64) [Feb 25 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : tbhben [Administrator]
Started from : E:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190204_072850, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/03/02 18:27:21 (Duration : 00:26:59)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Firefox Addon
  [PUP.Gen2 (Potentially Malicious)] {91c612bf-2a7a-48b8-8c8c-6de28589b7a1} (E:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}) -- {91c612bf-2a7a-48b8-8c8c-6de28589b7a1} -> Found
  [PUP.Gen2 (Potentially Malicious)] {91c612bf-2a7a-48b8-8c8c-6de28589b7a0} (E:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}) -- {91c612bf-2a7a-48b8-8c8c-6de28589b7a0} -> Found
  [PUP.Gen2 (Potentially Malicious)] {d9284e50-81fc-11da-a72b-0800200c9a66} (E:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}) -- {d9284e50-81fc-11da-a72b-0800200c9a66} -> Found


Thanks in advance!

Reply #344March 05, 2019, 11:53:45 AM

darktwillight

  • Newbie

  • Offline
  • *

  • 1
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #344 on: March 05, 2019, 11:53:45 AM »
Hello,
Rougekiller announces the Firefox homepage as PUP https://www.startpage.com/

 Startpage.com is an internet search engine
and https://duckduckgo.com/

Set the entry in Firefox Startpage as start page
I made it myself.

https://www.virustotal.com/#/url/159eb4fb03182f38c25487207b9fb89ad7370f4b1fbf05821f8851c64233123b/detection
Quote
browser.startup.homepage Threat: PUM.HomePage Status: Found
C:\Users\dark\AppData\Roaming\Mozilla\Firefox\Profiles\14k8v168.default-1551444125829\prefs.js
Type: Firefox Config
Dates: https://wvwv.startpage.com/

name
Status Recognition
Firefox Config
Browser.startup.homepage Found PUM.HomePage (Potential Malware} C:\Users\dark\AppData\Roaming\Mozilla\Firefox\Profiles\14k8v168.default-1551444125829\prefs.js https://www.startpage.com/ 0/0



With best Regards