Torch Browser - false positive



Hi, 

My name is Adi and I am a member of the Reputation and Compliance Team at Torch Browser,
hxxp://www.torchbrowser.com/.


Torch Browser is a free, chromium-based, web browser and internet suite.  It includes a media grabber, torrent client, drag & drop, site-unblocker, and music streaming service, all in one place. 


Recently, we have been getting a lot of complaints from our users (who also use ESET as their anti-virus) that you detect our product as PUA and pop up a notification about it every 30 minutes (screenshot attached).

Link for the VirusTotal scan that shows our product is clean by ALL the antivirus companies – 

https://www.virustotal.com/en/file/25d54d2ad9ae84eac5cf29e623b176e8c56957c6022395cd189a556844e53974/analysis/1394370590/

 

 

Can you please tell me:

1. Why do you consider us as PUA / what are the criteria for this detection?

2. How can we remove it? What should we do?


Thank you for your cooperation, 

Adi 
Torch Browser


  • Administrators

Helper.dll is not a false positive; it's a correct PUA detection. It's at the user's discretion whether they want to have this kind of application detected or not.


Hi,

 

Thank you for your answer.

I still don't understand - why do you consider our product as PUA? And how can we manage to remove this detection? We don't believe it is correct. Our product is user friendly.

 

 

 

Adi.


Hello Torch,

 

Helper.dll is not only used by your software but by other dangerous ones as well, and removing it from the blacklist for PUA would clear the detection on those as well.

I would suggest creating or using a different dll for your project.

This particular dll allows adware and junk to be downloaded on the client's PC; older PCs cannot handle it.

Removal can even be tricky, or certain variants cause further issues.

 

Your software can not have any ads or pop ups, or additional toolbars (yours may be a search toolbar), or anything the client did not know about at the time of installation, AT ALL.

 

You can follow this site for guidelines on making your software and project compliant with ESET's PUA database, rules, and policies.

hxxp://www.antispywarecoalition.org/documents/BestPracticesFinal.htm

Edited by Arakasi

  • Administrators

Exactly, the solution would be to make the installer without helper.dll (besides other necessary improvements). Arakasi, thank you for posting the link to best practices agreed on by anti-spyware coalition.


Hi,

 

 

Thank you (both) for the answer.

We want to solve this problem. I have talked with the developers and showed them your answer, and they said the helper.dll just opens and closes browsers (I have no idea what it does in other products; I can talk only about our product - Torch Browser).

Can you please explain - what is the problem with this specific file? We are willing to make changes if necessary.

 

 

 

Thank you very much,

 

 

Adi.


  • Administrators

There are quite a few reasons accounting for the PUA classification in this case (one can check the privacy terms to find out). This forum is not a place to dispute detections. After the application has been adjusted to fulfill the best practices suggested by the Anti-Spyware Coalition, you can send the new version to samples[at]eset.com and request a review.


  • ESET Moderators

Hello,

The HELPER.DLL file is classified by ESET as a Potentially Unwanted Application (PUA). The key word here being potentially. This category refers to programs that engage in behavior that some users do not want to occur on their system. Examples of this include (but are not limited to), changing web browsers' home pages, changing default search engines, monitoring URLs that web browsers visit, displaying additional advertisements in the web browser, replacing or substituting existing advertisements in the web browser and so forth. Of course, those are just a few examples, and specific to web browsing.

 

Before classifying a program as a PUA, senior researchers at ESET's threat research lab examine a program to determine if it belongs in this category. Each examination is done on a case-by-case basis, so there are no specific guidelines we can offer about how a program should or should not behave. That said, the link to the Anti Spyware Coalition that Arakasi forwarded is a great introduction to the subject, as is the StopBadware coalition's Badware guidelines for software applications. You might also find the following ESET white paper helpful as well: Problematic, Unloved and Argumentative: What is a potentially unwanted application (PUA)? It's a little old (no mention of Android apps, for example) but still contains useful information.

 

Because some of ESET's customers wish to prevent such programs from being run on their computer, ESET provides them with the option to block these types of applications when our software is installed.  Additionally, the option can be toggled on and off at any time after installation and in recent versions of ESET's software, customers can choose to whitelist (ignore) certain applications, which allows our customers some additional flexibility.

 

If you would like to have your application re-examined after making changes to it, you can submit it to ESET's threat research lab for analysis by following the instructions in ESET Knowledgebase Article 141, "How to submit virus or potential false positive samples to ESET's labs."

Regards,

Aryeh Goretsky


  • 8 months later...

Using a new thing is actually dangerous, so always apply those things which are verified. And it is also necessary to avoid unwanted extensions and other supported things in your computer browser. While browsing the internet, apply some security to avoid internet malware and protect your PC.

This topic is now closed to further replies.