Author Topic: Possible FP  (Read 2921 times)


wonder

  • Guest
Possible FP
« on: January 26, 2010, 07:57:45 PM »
I just ran a memory scan, and the results are quite odd. fwservice.exe was detected as malware (win 32: sql slammer), but actually it's a PC Tools Firewall Plus process, so I think it's a false positive. Can anyone who uses PC Tools FW confirm this by simply doing a memory scan? Thanks  ;)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89014
  • No support PMs thanks
Re: Possible FP
« Reply #1 on: January 26, 2010, 08:25:36 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the address bar of the VT results page). You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

- avast4 - Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

- avast5 - Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

wonder

  • Guest
Re: Possible FP
« Reply #2 on: January 26, 2010, 08:47:34 PM »
Now it's sure, it's a FP:

http://www.virustotal.com/it/analisis/7ce62bec9abcb87a6680cecc8dd0acf93f157af74baaed6d458f603d9a01279d-1264535044

Even avast 4.8 doesn't detect it...it's an avast 5 problem...

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: Possible FP
« Reply #3 on: January 26, 2010, 09:01:42 PM »
Hi,
memory scan? -- what did you upload to VirusTotal -- memory dump? No.
avast! v5 doesn't detect the file you uploaded to VT either. But some unencrypted malware signature was found in memory (maybe it belongs to PC Tools FW).

Milos

wonder

  • Guest
Re: Possible FP
« Reply #4 on: January 26, 2010, 09:12:11 PM »
OK, I'm not an expert, but here's a screenshot

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: Possible FP
« Reply #5 on: January 27, 2010, 05:49:03 PM »
Hello,
yes, unencrypted malware signature in memory belonging to PC Tools FW.

Milos

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89014
  • No support PMs thanks
Re: Possible FP
« Reply #6 on: January 27, 2010, 06:42:36 PM »
Bad form in not encrypting signatures, but why a firewall has malware scanning is beyond me unless it is a security suite, so I would have thought uninstalling/disabling PC Tools malware scanning element.
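Added example (not part of the original thread, and not avast! or PC Tools code): a toy byte-pattern scanner showing why the on-disk file came back clean on VirusTotal while the memory scan flagged the process, and why a product that keeps its own signature database encoded in memory does not trigger the other scanner. The signature bytes, the detection name `Demo:Worm-A`, the XOR mask and the placeholder file image are all constructed for illustration.

```python
# Constructed stand-in pattern: NOT real malware bytes and not a real vendor signature.
SIGNATURES = {"Demo:Worm-A": bytes.fromhex("dec0ad0b5eedf00d1337c0de")}
XOR_KEY = 0x5A  # hypothetical single-byte mask used to encode the database

# Constructed placeholder for the executable as it exists on disk.
FILE_IMAGE = b"MZ" + b"\x90" * 128


def scan(buf):
    """Naive scan: report every signature whose raw bytes occur in buf."""
    return [name for name, pattern in SIGNATURES.items() if pattern in buf]


def mask(data):
    """XOR every byte with the key (encoding and decoding are the same step)."""
    return bytes(b ^ XOR_KEY for b in data)


def build_db(encoded):
    """The second product's own signature database as it sits in its memory."""
    blob = b"".join(SIGNATURES.values())
    return mask(blob) if encoded else blob


def process_memory(file_image, db):
    """Model of a running process: mapped image plus data loaded at runtime."""
    return file_image + b"\x00" * 64 + db


def triage():
    """Compare what a file scan and a memory scan see for the same program."""
    return {
        # What a multi-engine file scan inspects: only the on-disk image.
        "file_on_disk": scan(FILE_IMAGE),
        # Memory scan of a process holding plaintext signatures: false positive.
        "memory_plain_db": scan(process_memory(FILE_IMAGE, build_db(False))),
        # Same process with the database kept encoded: nothing to match.
        "memory_encoded_db": scan(process_memory(FILE_IMAGE, build_db(True))),
    }


if __name__ == "__main__":
    for view, hits in triage().items():
        print(f"{view:18} -> {hits or 'clean'}")
```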