Real or false positive?

[calamityjane]

Hi guys,

Today, after downloading RogueKiller V12.11.14.0 [Sep 11 2017] (Premium),

This item was flagged under Memory (Processes)-

Detection          PID           NAME                                  PATH                                                                                                     
MalPE.35      5228       Palemoon-Portable.exe       E:\Pale Moon FOLDER\Palemoon-Portable.exe
                                      (signed by Markus Straver)

VT Score       Status
1                        Found


Further,

For those readers, unaware, Palemoon is a browser "clone", so to speak, of Mozilla Firefox.
I have been using the portable version, on my E drive (flash) without any problems.
I have been "testing" it against my long-time Firefox browser, which I have been less and less thrilled with, over time.
So far, I have been happy with Palemoon and I hope that this detection is a false positive.

Please, please tell me this is not real.
Regards to all,
cj

Ps-  My Palemoon browser was open when I ran the Roguekiller scan.

I will re-run with Palemoon closed, just to see if it sheds any light on this subject, and I'll report results, asap.

[Curson]

Hi Calamity,

Thanks for your feedback. This is a false positive.
Could you please zip the file and attach it with your next reply ? It will help us improving the MalPE engine.

Regards.

[calamityjane]

Sure thing, Curson.

As expected, no detection with Palemoon portable browser closed.

2 attachments enclosed.

Best regards,
cj

[Curson]

Hi Calamity,

Thanks for the report but could you please attach the file itself.
This way, we can analyze it and fix the MalPE false positive.

Regards.