Author Topic: False Positive  (Read 12333 times)

November 27, 2018, 01:41:28 PM

mrmike570

False Positive
Hello and Good Morning...
I recently installed a new antivirus called IMMUNET, believe it's new from Cisco Systems..
I ran a check this morning with Rogue Killer and there was a hit for the following.

Process: [Test.EICAR (Malicious)] sfc.exe (3860) -- (Cisco Systems, Inc.) C:\Program Files\Immunet\6.2.0\sfc.exe -> Found

I do know EICAR is a test file, however, I'd like a second opinion.. Thank You. Michael

I attached the text file also...for your perusal...

Reply #1 November 27, 2018, 04:14:35 PM

Curson

Re: False Positive
Hi Michael,

Thanks for your feedback.
Could you please zip the file detected as EICAR (sfc.exe) and attach the archive with your next reply?

Regards.

Reply #2 November 27, 2018, 04:28:07 PM

mrmike570

Re: False Positive
Hello.. I have attached the zip file as requested.. Thank You for responding so quickly..

Reply #3 November 27, 2018, 05:38:51 PM

Curson

Re: False Positive
Hi Michael,

You zipped RogueKiller's report, not the file triggering the detection:
Quote
C:\Program Files\Immunet\6.2.0\sfc.exe

Could you please do it again?

Regards.

Reply #4 November 27, 2018, 11:56:41 PM

mrmike570

Re: False Positive
Ok, let's try this one... sorry about that.. kinda new at this..

Reply #5 November 28, 2018, 05:15:08 PM

Curson

Re: False Positive
Hi Michael,

That's the right one.
This is a confirmed false positive. We will whitelist it as soon as possible.

Thanks again for your feedback.

Regards.

Reply #6 December 11, 2018, 03:01:29 PM

mrmike570

possible false positive info
Hello... just got a Windows 10 pre-release update... 18298.. I ran a scan with Rogue Killer and it alerted to a few things... that it classified as potential threat... I am enclosing a couple of files for your perusal.. would appreciate any input you have... Thank You.. Michael

Reply #7 December 11, 2018, 03:02:48 PM

mrmike570

Re: possible false positive info
Forgot to add the JSON file...

Reply #8 December 11, 2018, 07:55:13 PM

Curson

Re: False Positive
Hi Michael,

A [VT.Unknown] detection means the file is unknown on VirusTotal. It’s probably because it’s quite new and hasn’t been uploaded yet. Simply accept the upload when asked. Once scanned, RogueKiller shouldn’t detect the file anymore, unless it’s malicious.

Regards.