Jump to content

Unresolved False Positive since 3 weeks

james

By james,
in ESET NOD32 Antivirus

 Share

Recommended Posts

james

james 0

Posted
Posted (edited)

We had reported the false detection of our legitimate software to eset before 3 weeks via samples@eset.com

Send a followup also.Never got a reply not even an automated one

Can someone here help us resolve the issue.Other anti-virus vendors are much faster and prompt in clearing such issues.

The case of eset very disappointing

Edited by james
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,190

Posted
  • Administrators
Posted

Unfortunately, you didn't mention the name of the application nor the detection name under which it was detected by ESET. I rather suspect that the application is classified as a potentially unwanted or unsafe application; in that case it's highly unlikely it would be FP.

Link to comment
Share on other sites
SweX

SweX 870

Posted
Posted

I rather suspect that the application is classified as a potentially unwanted or unsafe application; in that case it's highly unlikely it would be FP.

I bet $10 that this is the case.  :)

Link to comment
Share on other sites
james

james 0

Posted
  • Author
Posted (edited)

I had other issues to lookinto,so missed posting the file details.

The software product is named Mass Watermark,you may check it out at masswatermark(dot)com.The product is not a PUP and is not a malware :)

Please note that the current version is not flagged by eset as false positive its the new version that we have in the release queue that is flagged by eset.You can download the files from  Dropbox

 

https:// dl.dropboxusercontent.com/u/128438096/setup.exe

https:// dl.dropboxusercont ent.com/u/128438096/mw.exe (Included in Setup)

 

We encounter such issues in new releases.

 

 

I really would really appreciate if someone here could lend a helping hand

Edited by Marcos
Link to comment
Share on other sites
Arakasi

Arakasi 548

Posted
Posted (edited)

Hello

 

Win32/riskware.dyamar.A

OR "Mass watermark.exe" in "your" file.

 

This is a Trojan horse program, it is not self-replicating, but can alter system files and perform actions without the users consent. It is borderline, potentially unwanted.

 

Your program or file is known by several different vendors, Emsisoft, McAfee, as well as ESET.

You can find a more detailed breakdown of the threat , removal instructions when infected, etc at the following link:

hxxp://home.mcafee.com/virusinfo/virusprofile.aspx?key=611820

It may even altar the master boot record. :(

 

In Order for ESET to release detection of the threat from their database, you need to remove Mass watermark.exe or completely clean up your compilation using this file.

Edited by Arakasi
Link to comment
Share on other sites
james

james 0

Posted
  • Author
Posted (edited)

Hello

 

Win32/riskware.dyamar.A

OR "Mass watermark.exe" in "your" file.

 

This is a Trojan horse program, it is not self-replicating, but can alter system files and perform actions without the users consent. It is borderline, potentially unwanted.

 

Your program or file is known by several different vendors, Emsisoft, McAfee, as well as ESET.

You can find a more detailed breakdown of the threat , removal instructions when infected, etc at the following link:

hxxp://home.mcafee.com/virusinfo/virusprofile.aspx?key=611820

It may even altar the master boot record. :(

 

In Order for ESET to release detection of the threat from their database, you need to remove Mass watermark.exe completely and clean up your compilation.

My dear friend,

 

We are the makers of the software called Mass Watermark and we are reporting a wrong detection by eset.

We are not looking for tech support :)

 

I just posted here because the eset false positive resolution  team seems slow in fixing these wrong detection.

 

I suggest you read the thread fully before making a post.

 

Plus you mad mentioned about mcafee and emsisoft,I have used many multiengine antivirus scanners,yes Mcafee is also having some issues.We have contacted them,but Emsisoft does not have any issues.

 

I think you are using Virustotal,they seem to have problems now,Reporting wrong detections.  check with other multi engine scanners like www.metascan-online.com  or virscan.org/  

 

they dont report the detection.If you are not satisfied with that download the program itself eg:emsisoft and check yourself 

 

My point is the files are not trojans and stop treating the files in that manner. 

 

Done.

Edited by james
Link to comment
Share on other sites
SweX

SweX 870

Posted
Posted (edited)

My dear friend,

 

 

 

I think you are using Virustotal,they seem to have problems now,Reporting wrong detections.  check with other multi engine scanners like www.metascan-online.com  or virscan.org/  they dont report the detection.

Yes I am familiar with those services.

 

 4/40

https://www.metascan-online.com/en/scanresult/file/ad6a40c5089545da830c661a1ffea69e

 

Just FYI

Edited by SweX
Link to comment
Share on other sites
Arakasi

Arakasi 548

Posted
Posted

I was able to download Mass Watermark from your website, and from the alternative link Softpedia, with no detections, and no errors from ESET.

 

So the question is, what has changed between current version and your new release ?

Because your executable is being flagged in your links.

Link to comment
Share on other sites
Arakasi

Arakasi 548

Posted
Posted (edited)

The fastest and best way to get this resolved if there is some sort of problems between hashes or new files added to your setup/installer, is to follow the instructions in the provided link :

 

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141

 

I understand you want this expedited, but these things sometimes take time based on the vendor's internal workload.

 

A moderator here in the forums might be able to check on your case and make sure it went to the proper channels, but that in my opinion is the most we can do here, provide guidance and direction. :)

ESET NA is closed until Monday morning, the main HQ in Bratislava might have a similar schedule.

Edited by Arakasi
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,190

Posted
  • Administrators
Posted

This detection is correct as it's a highly suspicious packer allowing for evading detection by av software and thus often being exploited by malware authors. I've relayed your query to the Malware research lab to find out if we could whitelist this particular file.

Link to comment
Share on other sites
SweX

SweX 870

Posted
Posted

It appears Marcos is coming to the rescue.

Good luck to you and your team James. :)

So what about the Trojan in the file?  :unsure:

Link to comment
Share on other sites
Arakasi

Arakasi 548

Posted
Posted (edited)

It might not have a Trojan, but the compiler that is being used to group all the projects files together has the same characteristics as previously used Trojans, or is vulnerable to the same Trojan, thus it is being flagged, and the closest comparison to the packer is what we are catching as win32 riskware dyamar.

 

Of course without running it in Sandboxie or letting ESET research the files in question, we probably won't know.

Edited by Arakasi
Link to comment
Share on other sites
SweX

SweX 870

Posted
Posted

It might not have a Trojan, but the compiler that is being used to group all the projects files together has the same characteristics as previously used Trojans, or is vulnerable to the same Trojan, thus it is being flagged, and the closest comparison to the packer is what we are catching as win32 riskware dyamar.

 

Of course without running it in Sandboxie or letting ESET research the files in question, we probably won't know.

Ahhh...I thought you downloaded the file and found a Trojan in it.  :D Yes let's ESET check it out and share the final verdict. 

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...