Some false positives inside of crossover app


https://www.codeweavers.com/crossover#mac is the URL for the software.

There are 9 false positives (flagged as suspicious); if ESET removes them it will cause a corruption of the program and cause some of the WINE abilities to be broken (the folder it is in is 154.2MB). The app itself is just over 1GB.


Have sent the 9 false positives as listed on https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#SubmitFile


  • Administrators

Thanks for the heads-up, the files were blacklisted by LiveGrid in the cloud. Will be unblocked in a few minutes.

However, some other AVs report them as suspicious too: https://www.virustotal.com/gui/file/be1d60104029b138fbe5349a7f8ddc9ee0c3e683c18c109548267c8ed85778d7


4 hours ago, Marcos said:

Thanks for the heads-up, the files were blacklisted by LiveGrid in the cloud. Will be unblocked in a few minutes.

Hello,

I do not understand this mechanism: "the files were blacklisted by LiveGrid in the cloud"... If they were blacklisted by LiveGrid, there has to be a reason for it; otherwise, if LiveGrid blacklists files left and right, what's the point of having it?

And again, "will be unblocked in a few minutes", simple like that? No analysis about why LiveGrid blacklisted them?

 

5 hours ago, Marcos said:

However, some other AVs report them as suspicious too:

Seems like VT is being used when it is convenient...

If absolutely no AV but ESET detects a link as "malicious", well, they do not scan htmls...

If somebody else detects something also detected by ESET, then VT is being posted as an example of good detection.


@Marcos

For Codeweavers, they have known about false positives, as it has caused damage to WINE bottles and the macOS app in the past. https://www.codeweavers.com/support/forums/general/?t=27;msg=222870

AVG and AVAST are under the same company, as is Norton LifeLock (they are all under 1 company now).

 

@rotaru 

They were flagged as suspicious on someone else's machine and it was reported to the Live Grid; that helps with early detection https://help.eset.com/glossary/en-US/technology_livegrid.html (Microsoft used to call their cloud-based reputation MAPS).

VT uses different AV settings, and each AV vendor lets Google's VT know what settings to use on VT.

HP Smart uses WINE to run the Windows version of their software on macOS; removing those parts would corrupt the HP software and prevent it from working (it would also block people from editing the settings on their printers, as HP has refused to enable TLS 1.2 on some of their printers, and the HP Smart app is the only way to access the web interface, as browsers have removed TLS 1.0 & 1.1 support due to security issues).


47 minutes ago, Marcos said:

This topic is about a possible FP that this Malware finding and cleaning forum is intended for.

Yet it is marked as suspicious and is only on macOS that I know of, so it should be back in the Cyber Security section, not this one, and no, it is not a possible false positive but a 3-year-old false positive (don't think v6 had full Live Grid support, as only v7 had the detection).


This topic is now closed to further replies.