Topic: false positive

REDACTED

  • Guest
false positive
« on: May 31, 2017, 12:55:51 PM »
Dear Sir/Madam!

We are a small software development company from Russia, and we have developed a small Chromium-based browser.
But some of our testers told us that our program is already blacklisted in your Avast antivirus system.
You can find the program here: http://phoenixbrowser.com
Download link: http://phoenix.brouzeka.ru/installer/get.php

We will be very glad to solve this problem if it's possible. If there is something wrong with our program - just tell us and we will fix it.
And if it's just a false positive - please check it and fix it.

Thank you!

Best regards,
Alex Ivanov,
Senior developer,
Adamant-Soft Russia.


jirik

  • Avast team
  • Newbie
  • Posts: 1
Re: false positive
« Reply #2 on: May 31, 2017, 02:48:55 PM »
Hello,
  thanks for your question. I have reviewed the problem. I got a sample from hxxp://phoenix.brouzeka.ru/installer/get.php and it has been signed with the digital signature "AO Adamant-Soft" (issuer: "COMODO RSA Code Signing CA"). We register many malware samples signed with the same signature (e.g. https://www.virustotal.com/en/file/c77badd4f3c8902471888fb3e61b78bff3014a3276fd75fa1c89972b22338119/analysis/ , https://www.virustotal.com/en/file/6f8b3c6bf85bef3427480ec86168eb64fc42bbf0a6a142c193ac30713c0e750f/analysis/ ...). That is the reason why the sample is detected.

If the certificate was misused or stolen, you should stop using the compromised certificate, revoke it and ask your certification authority for a new certificate.