Chas4 10 Posted April 16, 2023 Share Posted April 16, 2023 https://www.codeweavers.com/crossover#mac Is the url for the software There are 9 false positives (flagged as suspicious), if ESET removes them it will cause a corruption of the program and cause some of the WINE abilities to be broken (the folder it is in is 154.2MB), the app itself is just over 1GB Have sent the 9 false positives as listed on https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#SubmitFile Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted April 16, 2023 Administrators Share Posted April 16, 2023 Thanks for the heads-up, the files were blacklisted by LiveGrid in the cloud. Will be unblocked in a few minutes. However, some other AVs report them as suspicious too: https://www.virustotal.com/gui/file/be1d60104029b138fbe5349a7f8ddc9ee0c3e683c18c109548267c8ed85778d7 Link to comment Share on other sites More sharing options...
rotaru 10 Posted April 16, 2023 Share Posted April 16, 2023 4 hours ago, Marcos said: Thanks for the heads-up, the files were blacklisted by LiveGrid in the cloud. Will be unblocked in a few minutes. Hello, I do not understand this mechanism: "the files were blacklisted by LiveGrid in the cloud" ....If they were blacklisted by the LiveGrid, has to be a reason for , otherwise if LiveGrid blacklists files left an right what's the point of having it. And again, "will be unblocked in a few minutes" simple like that? No analysis about why LifeGrid blacklisted them? 5 hours ago, Marcos said: However, some other AVs report them as suspicious too: Seems like VT is being used when is convenient... If absolutely no AV but ESET detects a link as "malicious", well they do not scan htmls..... If somebody else detects something also detected by ESET, than VT is being posted as example of good detection Link to comment Share on other sites More sharing options...
Chas4 10 Posted April 16, 2023 Author Share Posted April 16, 2023 @Marcos For Codeweavers they have known about false positives as it has caused damage to WINE bottles and the macOS app in the past. https://www.codeweavers.com/support/forums/general/?t=27;msg=222870 AVG, AVAST are under same company as is Norton LifeLock (they are all under 1 company now) @rotaru They were flagged as suspicious on someone else's machine and it was reported to the Live Grid, that helps with early detection https://help.eset.com/glossary/en-US/technology_livegrid.html (Microsoft used to call their cloud based reputation MAPS) vt uses different av settings and each av vendor lets Google's vt know what settings to use on vt. HP Smart uses WINE to run the Windows version of their software on macOS, removing those parts would corrupt the HP software and prevent it from working (also would block people from editing the settings on their printers as HP has refused to enable TLS 1.2 on some of their printers, and the HP Smart app is the only way to access the web interface as browsers have removed TLS 1.0 & 1.1 support due to security issues) Link to comment Share on other sites More sharing options...
Chas4 10 Posted April 16, 2023 Author Share Posted April 16, 2023 @Marcos This needs to be moved back to ESET Cyber Security part of the forum is was wrongly moved Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted April 16, 2023 Administrators Share Posted April 16, 2023 This topic is about a possible FP that this Malware finding and cleaning foum is intended for. Link to comment Share on other sites More sharing options...
Chas4 10 Posted April 16, 2023 Author Share Posted April 16, 2023 47 minutes ago, Marcos said: This topic is about a possible FP that this Malware finding and cleaning foum is intended for. Yet it is marked as suspicious and is only on macOS that I know of, so it should be back in the Cyber Security section not this one, and not it is not a possible false positive but a 3 year old false positive (don't think v6 had full live grid support, as only v7 had the detection) Link to comment Share on other sites More sharing options...
Recommended Posts