Avast WEBforum

Other => Viruses and worms => Topic started by: Enigma on August 24, 2006, 06:51:12 AM

Title: The Enigma Protector
Post by: Enigma on August 24, 2006, 06:51:12 AM
Hello developers! Can you answer the following question: why does Avast identify all executables protected with Enigma Protector as damage with virus? There are no viruses of any kind! How can you resolve this problem? The Enigma Protector site: www.enigma.izmuroma.ru
Title: Re: The Enigma Protector
Post by: polonus on August 24, 2006, 08:03:18 AM
Halio Enigma,

Did you upload these files to jotti ( http://virusscan.jotti.org/de/ ), and what are the findings there? It could be a FP because of the scanner flagging the encrypted files as false positives, the same problem as with the Sophos Anti-Rootkit tool.
Did you scan them with DrWeb CureIt, and what were the findings there? But first try jotti. Naboj,

polonus
Title: Re: The Enigma Protector
Post by: Enigma on August 24, 2006, 08:13:11 AM
I've scanned it with many antiviruses, and they found nothing in the protected file, only Avast and Antivir failed... DrWeb CureIt - nothing... I'll check it with jotti later! But I don't understand why other exe packers/crypters are not recognized as a virus, only Enigma Protector? Are there variants to resolve this problem with the developers?
Title: Re: The Enigma Protector
Post by: polonus on August 24, 2006, 08:27:36 AM
Hi Enigma,

Send the false positives to Avast so they may give them the green bill, and prevent annoyances for us all, because false positives do not help anybody.
If they are FPs you can put them in the exclusion list for the moment.
Also report to the makers of this Enigma Protector.
Install the DrWeb pre-hyperlink scanner in your browser, so you can scan all the links before you click on their servers (a small install for either FF or IE: http://info.drweb.com/show/2653 )

polonus
Title: Re: The Enigma Protector
Post by: Enigma on August 24, 2006, 08:48:59 AM
I talked with the Enigma developers and they say that they already mailed the Avast support team about this problem, but have not got an answer.

Gender, can you tell me how I can send false positive file(s) to Avast?
Title: Re: The Enigma Protector
Post by: polonus on August 24, 2006, 09:10:59 AM
Hi Enigma,

If you have any suspicious files that are not detected by the latest version of our antivirus programs, you can send them to virus@avast.com. The ideal way to send such files is to compress them as a ZIP with the password 'virus' (so that the attachment is not deleted by some other antivirus software on the way).

polonus
Title: Re: The Enigma Protector
Post by: Enigma on August 24, 2006, 09:47:20 AM
Thanks! I'll do it!
Title: Re: The Enigma Protector
Post by: RejZoR on August 24, 2006, 01:51:30 PM
So far I've seen Enigma be used only for malware and nothing else.
Besides, avast! didn't clearly identify it as malware, it just showed (I assume) an error message because of failed decompression due to god knows what reason.
Title: Re: The Enigma Protector
Post by: Enigma on August 24, 2006, 02:22:18 PM
Avast detects ALL execs protected with Enigma as damaged with virus, this is not a single case! Maybe Avast uses the following method
- if I can't unpack it, then there is a virus...
Heh, 3 years ago Kaspersky antivirus used this method... But I can't understand: if Avast can't decompress it, why can't the developers ask the Enigma makers about it, describe this problem and get the loader signature? Kaspersky did so in due course! Everybody wins from such decisions, both the developers of the antivirus and the users of protected software!
Title: Re: The Enigma Protector
Post by: RejZoR on August 24, 2006, 02:36:12 PM
There is no such thing as a "damage with virus" name and no such detection either. Unless you give us a screenshot where it says this I just won't believe it. It's not a standard detection name no matter how you turn it.
Title: Re: The Enigma Protector
Post by: essexboy on August 27, 2006, 03:45:30 PM
Trend Micro has a small note about enigma protector compression see here under technical details http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FRANDEX%2EAM&VSect=T
Title: Re: The Enigma Protector
Post by: Enigma on August 28, 2006, 11:12:30 AM
Such little information... I talked with Avast DV about Enigma, no reactions... Will wait...
Title: Re: The Enigma Protector
Post by: RejZoR on August 28, 2006, 12:14:45 PM
Well give us the screenshot of this "detection".
Title: Re: The Enigma Protector
Post by: Enigma on August 28, 2006, 12:45:13 PM
I tested it on virusscan.jotti.org...
Tested file: a simple VC++ application like "Hello world",
protected with Enigma 1.12.

Results:

AntiVir  Worm/SdBot.108544 gefunden 
ArcaVir  Keine Viren gefunden
Avast  Win32:Mytob-QG gefunden   
AVG Antivirus  Keine Viren gefunden
BitDefender  Keine Viren gefunden
ClamAV  Keine Viren gefunden
Dr.Web  Keine Viren gefunden
F-Prot Antivirus  Keine Viren gefunden
Fortinet  HackerTool/MSNPassword gefunden 
Kaspersky Anti-Virus  Keine Viren gefunden
NOD32  Keine Viren gefunden
Norman Virus Control  Keine Viren gefunden
UNA  Keine Viren gefunden
VirusBuster  Keine Viren gefunden
VBA32  Keine Viren gefunden

If you want, I can email this file...
Title: Re: The Enigma Protector
Post by: RejZoR on August 28, 2006, 03:28:45 PM
I don't see why it should be related to Enigma specifically. It's just a false positive like any other (could be UPack and wouldn't make much difference except I know avast! can unpack UPack...)...
Title: Re: The Enigma Protector
Post by: Enigma on July 18, 2008, 01:18:05 PM
Hello folks, the same false positives happen with Enigma Protector again... I've scanned protected files on virustotal.com, Avast detects
Avast   4.8.1195.0   2008.07.18   Win32:Delf-CVW

Could you please solve these false positives? Users are unhappy with this. The problem occurred when the latest version, Enigma 1.51, was released.

Enigma Protector has new site here:
http://enigmaprotector.com/

Also, please contact the developers at support@enigmaprotector.com, they will help if you have any questions.

I hope that it will be solved asap. My best regards.
Title: Re: The Enigma Protector
Post by: Maxx_original on July 18, 2008, 02:52:12 PM
this is rather a coincidence closer to a "classic" false positive, nothing intended against Enigma...
Title: Re: The Enigma Protector
Post by: Enigma on July 18, 2008, 03:36:00 PM
Even if it is so, do you understand the reaction of users who ran a protected file? They know nothing about types of viruses and do not know that this is just a false positive. The user immediately closes the file and begins to think that this software is a virus.

Could you please just solve this?
Title: Re: The Enigma Protector
Post by: Lisandro on July 18, 2008, 04:46:51 PM
"Could you please just solve this?"
Of course. They will on the first virus database update.
Title: Re: The Enigma Protector
Post by: Enigma on July 18, 2008, 06:25:59 PM
Great! Thank you for the work!
Title: Re: The Enigma Protector
Post by: enigmas on October 26, 2010, 12:21:02 PM
Guys, false detections have appeared again, Avast detects Win32:Vitro in protected files (in the main exe of the retail version of Enigma Protector).

We sent the false detections to the support team at virus@avast.com, sent them a few times within the last 2 weeks, but still no reply and no solution.

What can you advise?

Could anybody from the research team contact me at support@enigmaprotector.com? There are some moments I can help with..

Regards
Title: Re: The Enigma Protector
Post by: Lisandro on October 26, 2010, 12:53:29 PM
It's not only avast
https://forums.comodo.com/av-false-positivenegative-detection-reporting/the-enigma-protector-false-positives-t48516.0.html
Title: Re: The Enigma Protector
Post by: Maxx_original on October 26, 2010, 03:07:18 PM
enigmas: hello, we've been in touch some time ago when we discussed unpacking issues.. now we can put our heads together again to fix this problem... the misdetection affects only binaries protected with the commercial version afaik, which is rarely used and we don't have relevant number of such samples... we can discuss it further here (via PM) or through your support e-mail, depending on what's more comfortable way
Title: Re: The Enigma Protector
Post by: enigmas on October 26, 2010, 04:23:13 PM
Tech
Review my latest post there once again:
https://forums.comodo.com/av-false-positivenegative-detection-reporting/the-enigma-protector-false-positives-t48516.0.html

Maxx_original - yes, surely, I remember, we were talking (but a few years ago) regarding unpacking, not sure we were talking about the signature.... I think that the current false detection belongs only to the retail installation of Enigma itself, not other files.. Anyway, if it is possible for you to contact me by email at support@enigmaprotector.com, we can talk more regarding the signature, and surely, I will give you as many samples as you need, or even better - an unlimited license so you may test each version?

Thank you very much, awaiting your reply by email!
Title: Re: The Enigma Protector
Post by: j.wall on December 09, 2023, 11:09:02 PM
This issue is back, I am using latest version of enigma encryptor.
Title: Re: The Enigma Protector
Post by: DavidR on December 09, 2023, 11:56:56 PM
"This issue is back, I am using latest version of enigma encryptor."

Well it has been over 13 years.

- Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php
You should get a response in a day or two.
As was requested many times previously a screenshot of the alert could help.

- Attaching Images to your post - When you Click the Reply button it opens a text window for you to post your comment (reply or post).
Click the Preview button, that shows what you have input and expands it to include 'Attachments and other options'. Click that and it further expands; here you can attach images, etc. at the bottom of your post.
See my attached image, click to expand.

In reporting a possible false positive, you could give the link back to your post in this topic.
Title: Re: The Enigma Protector
Post by: polonus on December 10, 2023, 02:22:37 PM
Happens with two dogs to protect, they start fighting each other on the porch, so to say.

Their website could do with some best policies:

HTTP security headers
Name                          Value                 Setting secure
x-content-type-options        Header not returned   Insecure
x-xss-protection              Header not returned   Insecure
x-frame-options               Header not returned   Insecure
content-security-policy       Header not returned   Insecure
cache-control                 Header not returned   Insecure
strict-transport-security     Header not returned   Warning
access-control-allow-origin   Header not returned   Secure

Page meta security headers
Name

N/A

Insecure Icon
cache-control

N/A


polonus