Jump to content

Curiosity.ai - false positives?


Recommended Posts

Howdy folks,

I am really excited to try out Curiosity.ai.  Unfortunately, Eset is throwing 100's of threats.  I contacted the support team at Curiosity.ai, and they advised whitelisting the app in the antivirus program.  Further, they say all of these are false-positives coming from the 'curiosity.helper' which is "the file extractor (extracts text from pdfs, ppts, docs etc for indexing).
it talks to the server (back end) using a locally run web server.  that's the action that's being blocked."

Here is a snapshot of one of the blocked threats:
image.png.01fba0bbac7206fe85385e28c699c9d2.png

Here are all the other flags found in the log (all coming from curiosity.helper):
--------------------------------------------------------------
JS/TrojanDownloader.FraudLoad.NAG trojan
HTML/Refresh.AH trojan
JS/TrojanDownloader.Agent.NVD trojan
JS/Kryptik.M.Gen trojan
HTML/Refresh.AB trojan
HTML/Refresh.AUD trojan
JS/TrojanDownloader.FraudLoad.NAG trojan
---------------------------------------------------------------

Questions:

1.  How can we verify these are false-positives?

2.  If we can't verify these are false-positives, how else might we enable use of this app without whitelisting the whole thing?  
(It's not as simple as writing some firewall rules - as the app is designed to connect to several online services like gmail, gdrive, etc.).

3.  Does ESET provide 3rd party security audit services that Curiosity.ai might employ to validate the integrity of their product?

 

Thanks!

Link to comment
Share on other sites

  • Administrators

It depends where you downloaded the app from. It is unlikely that there would be so many false positives reported on an application. You can submit the file to ESET for a check as per the instructions at https://support.eset.com/en/kb141.

Link to comment
Share on other sites

Thanks Marcos,

That kb article is dated.  There is no "Submit sample for analysis" option in Tools.  There isn't even a "more tools" option.
This article also needs correction: 

 

I suppose I will send an email.  Seems odd you guys would rather an email than a more automated solution.

Regardless, I would appreciate you addressing my 3 questions individually.

Thanks

Link to comment
Share on other sites

  • Administrators

As I wrote, you should submit the sample to ESET first. Without it, it's impossible to tell if the detection is correct or not. However, it's unlikely that so many detections reported on application files would be false positives.

Link to comment
Share on other sites

1 hour ago, ecovalence said:

There is no "Submit sample for analysis" option in Tools.

Eset_Submit.thumb.png.2ff031fc60cee52613c11841441ddf5a.png

Link to comment
Share on other sites

  • Administrators

I would add that the option is not available if sample submission is disabled in the advanced setup.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...