ecovalence 0 Posted March 26

Howdy folks,

I am really excited to try out Curiosity.ai. Unfortunately, Eset is throwing 100's of threats. I contacted the support team at Curiosity.ai, and they advised whitelisting the app in the antivirus program. Further, they say all of these are false-positives coming from the 'curiosity.helper' which is "the file extractor (extracts text from pdfs, ppts, docs etc for indexing). it talks to the server (back end) using a locally run web server. that's the action that's being blocked."

Here is a snapshot of one of the blocked threats:

Here are all the other flags found in the log (all coming from curiosity.helper):

--------------------------------------------------------------
JS/TrojanDownloader.FraudLoad.NAG trojan
HTML/Refresh.AH trojan
JS/TrojanDownloader.Agent.NVD trojan
JS/Kryptik.M.Gen trojan
HTML/Refresh.AB trojan
HTML/Refresh.AUD trojan
JS/TrojanDownloader.FraudLoad.NAG trojan
---------------------------------------------------------------

Questions:

1. How can we verify these are false-positives?
2. If we can't verify these are false-positives, how else might we enable use of this app without whitelisting the whole thing? (It's not as simple as writing some firewall rules - as the app is designed to connect to several online services like gmail, gdrive, etc.).
3. Does ESET provide 3rd party security audit services that Curiosity.ai might employ to validate the integrity of their product?

Thanks!
Administrators Marcos 5,450 Posted March 26

It depends where you downloaded the app from. It is unlikely that there would be so many false positives reported on an application. You can submit the file to ESET for a check as per the instructions at https://support.eset.com/en/kb141.
ecovalence 0 Author Posted March 27

Thanks Marcos,

That kb article is dated. There is no "Submit sample for analysis" option in Tools. There isn't even a "more tools" option.

This article also needs correction:

I suppose I will send an email. Seems odd you guys would rather an email than a more automated solution.

Regardless, I would appreciate you addressing my 3 questions individually.

Thanks
Administrators Marcos 5,450 Posted March 27

As I wrote, you should submit the sample to ESET first. Without it, it's impossible to tell if the detection is correct or not. However, it's unlikely that so many detections reported on application files would be false positives.
itman 1,801 Posted March 27

1 hour ago, ecovalence said:
    There is no "Submit sample for analysis" option in Tools.
Administrators Marcos 5,450 Posted March 27

I would add that the option is not available if sample submission is disabled in the advanced setup.