Author Topic: False Positive NpptNT2  (Read 5136 times)

Offline -Genesis-

  • Sr. Member
  • ****
  • Posts: 285
False Positive NpptNT2
« on: May 17, 2011, 04:38:26 AM »
Well, this problem has been occurring for over a week already.

NpptNT2.sys is a legit file from Nprotect Gameguard.

The Behavior Shield heuristic method is always detecting this.

Windows 10 Pro 1909/ Windows Defender/
Ryzen 5 1600/ Aorus Gtx 1080Ti Xtreme/ Gskill Trident Z RGB 3000/ Samsung Evo 250GB/ Western Digital Black 1 TB

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37170
Re: False Positive NpptNT2
« Reply #1 on: May 17, 2011, 07:53:39 AM »
So if you choose "ignore" and click the OK button, it is still detected as Suspicious again and again?

Upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here for us to see.

Offline -Genesis-

Re: False Positive NpptNT2
« Reply #2 on: May 17, 2011, 08:11:22 AM »
This is the full story.

If I choose ignore, avast will not pop up, but the behavior shield is still detecting. But it's fine.

I dunno that it's already ignored, but the behavior shield log has plenty of NpptNT2.

The problem is...

After restarting the system, that pop-up appears again.

Added info

NpptNT2.sys has many locations because I already put it on trusted policies on behavior shield, but it is still detecting it.

Anyway here is the VT

http://www.virustotal.com/file-scan/report.html?id=25284cae27071fa4391765862a81f9bdfc5398abf4ccf4e2df5b0972cfe66e72-1305529577
« Last Edit: May 17, 2011, 08:17:40 AM by AlbelNox »

Offline -Genesis-

Re: False Positive NpptNT2
« Reply #3 on: May 18, 2011, 12:09:59 PM »
Avast team is not confirming this???

I need a reply from them.

SafeSurf

  • Guest
Re: False Positive NpptNT2
« Reply #4 on: May 18, 2011, 12:23:11 PM »
The VT update is still flagging it. 

Offline -Genesis-

Re: False Positive NpptNT2
« Reply #5 on: May 18, 2011, 05:59:44 PM »
The VT update is still flagging it. 

From 1/43?

If you read the VT community, bolzano_1989 stated that it's goodware.

SafeSurf

  • Guest
Re: False Positive NpptNT2
« Reply #6 on: May 19, 2011, 10:55:43 AM »
It's still flagged in VT by a different user.  I don't consider anything except 0 (zero) to be safe, but that's just me.

Offline Pondus

Re: False Positive NpptNT2
« Reply #7 on: May 19, 2011, 06:53:39 PM »
looks like FP


sigcheck:
publisher....: INCA Internet Co., Ltd.
copyright....: Copyright _ 2000-2005 INCA Internet
product......: nProtect NPSC Kernel Mode Driver for NT
description..: nProtect NPSC Kernel Mode Driver for NT
original name: npptNT2.sys
internal name: npptNT2
file version.: 2005, 1, 5, 1
comments.....: nProtect NPSC Kernel Mode Driver for NT
signers......: -
signing date.: -
verified.....: Unsigned

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86126
  • No support PMs thanks
Re: False Positive NpptNT2
« Reply #8 on: July 07, 2011, 05:04:43 PM »
OK, I have gone over this topic again at the request of the OP.

The first image is misleading, as the anti-rootkit scan (8 minutes after boot) has nothing to do with the Behavior Shield image in the background. Even though the file in the behavior shield was allowed, it was analysed (11 events analysed/0 suspicious) but not classed as suspicious (blocked).

Unfortunately VT will fail to find anything as it can't use the heuristic methods that the anti-rootkit scan does to detect this. And frankly eSafe is notorious, I have even seen it report a virus in a password protected archive, which is beyond me as to scan the password protected archive you have to extract the files to do it properly.

So that said I would say the detections are 0/42, which would be what I would expect (up to a point) on a file detected by the anti-rootkit scan, as it is its behavior/function that is at issue, a hidden service and not a physical signature detection that VT scans for. Which is why even in the trusted processes in the behavior shield, the file is detected by the rootkit scan (not the behavior shield).

So I would try reporting it again (email to virus&avast.com, 'False Positive anti-rootkit scan' in the subject), and give as full information as possible: mention Game Guard, the program and version it is used with, etc. The link to this topic won't hurt either (you could also attach the file; I don't know if that would help, but it certainly won't hurt).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security