Author Topic: Very annoying false positive for Java application  (Read 463 times)

0 Members and 1 Guest are viewing this topic.

Offline Stefan_Reich

  • Newbie
  • *
  • Posts: 1
Very annoying false positive for Java application
« on: August 22, 2019, 01:31:36 PM »
Hello,

we are running a Java application on the desktop, and it is reported as an exploit and blocked. This is highly annoying.

Screenshots:
http://botcompany.de/1004590/raw/1101872
http://botcompany.de/1004590/raw/1101873

Program: https://botcompany.de/files/1400242/auto-jump-cutter-0.1.jar

The reported exploit relates to Java applets which try to break out of a sandbox using a JDK 7 vulnerability. However, we are running a native desktop application here, so there is no sandbox to begin with. This message should never even appear for any desktop application.

The only "nefarious" thing the program does is opening a local port in order to communicate with instances of itself on the same machine. It also compiles its own Java code, but why would that be a problem? As said before, the "exploit" doesn't even apply logically.

It's open-source software too and really doesn't do anything bad.

Please fix this, this is really important.
« Last Edit: August 22, 2019, 01:36:20 PM by Stefan_Reich »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36768
Re: Very annoying false positive for Java application
« Reply #1 on: August 22, 2019, 01:45:48 PM »
you find how to report it info here:
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier)
Avast Free/Pro/IS/Premier topics and issues, not viruses or false alarms here!

Use Viruses and worms section



https://www.virustotal.com/gui/file/a29f4c1f68060a4d81742978f17712295603e194cc00d780159f22b0b4991c16/detection






« Last Edit: August 22, 2019, 01:58:43 PM by Pondus »

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: Very annoying false positive for Java application
« Reply #2 on: August 23, 2019, 03:22:39 PM »
Detection Java:CVE-2012-4681-KH [Expl] is legit.

Quote from: Avast
Our virus specialists have been working on this problem and they informed me that this detection is correct.

For future reference you might also find the following articles to be useful:
- Avast Threat Labs - Clean guidelines: https://support.avast.com/en-ww/article/228/