Jump to content
Sign in to follow this  
Followers 0
jbeekman

False Positive and I can't use the in-tool submission

By jbeekman, in False Positives

Recommended Posts

jbeekman   

jbeekman
Posted

I tried to start WAMP, which I installed to use as a test bed for web development, and my live protection always flags the exe file (see pic). I tried the scan and it only, ever, shows adware stuff and never the exe it flagged. Also, restoring and then scanning also doesn't do me any good. No matter what I do it always flags the wamp exe as a trojan.

SAS_lg_zpsdde7c275.jpg

Share this post

Link to post
Share on other sites

GuiltySpark   

GuiltySpark
Posted

Hi jbeekman,

 

Can you explain a little more as to why you can't use the inbuilt FP reporter.

Share this post

Link to post
Share on other sites

jbeekman   

jbeekman
Posted

Only the live resident flags it preventing me from loading the program into memory. It never actually shows up on the scan results.



SUPERAntiSpyware Scan Log
 
Generated 04/22/2013 at 02:28 PM
 
Application Version : 5.6.1014
 
Core Rules Database Version : 10296
Trace Rules Database Version: 8108
 
Scan type       : Complete Scan
Total Scan Time : 00:45:46
 
Operating System Information
 Professional 64-bit (Build 6.02.9200)
UAC On - Limited User
 
Memory items scanned      : 843
Memory threats detected   : 0
Registry items scanned    : 72669
Registry threats detected : 0
File items scanned        : 124901
File threats detected     : 3
 
Adware.Tracking Cookie
.imrworldwide.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.gawker.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Share this post

Link to post
Share on other sites

GuiltySpark   

GuiltySpark
Posted

Only the live resident flags it preventing me from loading the program into memory. It never actually shows up on the scan results.

In your pic above, there is a Real time detection shown, if you highlight that you should have the option to submit it as a FP.

Share this post

Link to post
Share on other sites

jbeekman   

jbeekman
Posted

I'll try again. A full system scan runs every morning at 3am. I'll check it again when I get up for classes.

 

 

Considering that fact, it should of showed up for the last 2 days as I installed it Saturday, and ran it initially with no problems.

Share this post

Link to post
Share on other sites

jbeekman   

jbeekman
Posted

Here's the log from last night:

 

 

SUPERAntiSpyware Scan Log
 
Generated 04/23/2013 at 02:44 AM
 
Application Version : 5.6.1014
 
Core Rules Database Version : 10299
Trace Rules Database Version: 8111
 
Scan type       : Complete Scan
Total Scan Time : 00:44:32
 
Operating System Information
 Professional 64-bit (Build 6.02.9200)
UAC On - Limited User
 
Memory items scanned      : 836
Memory threats detected   : 0
Registry items scanned    : 72669
Registry threats detected : 0
File items scanned        : 125336
File threats detected     : 9
 
Adware.Tracking Cookie
.imrworldwide.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.gawker.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mycounter.tinycounter.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mycounter.tinycounter.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.gigcount.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.gigcount.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.gigcount.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.gigcount.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
 
 
Here's a screen shot from a few seconds ago
Untitled_zps01e5724b.png
 

Share this post

Link to post
Share on other sites

SAS Customer Service   

SAS Customer Service
Posted

When an item is detected by real-time protection, it will be placed into quarantine. If you restore the item from quarantine and run a complete scan, it will be detected. If you've restored the item and it is no longer detected in a scan, it is likely that the false positive has already been corrected.

Share this post

Link to post
Share on other sites

SChoeolpdeorn   

SChoeolpdeorn
Posted
Hi, I just read your topic about SAS detecting WAMP as a trojan, since I'm having the same problem. It seems you already solved that now, but even reading your posts I couldn't figure out how you reached the option to trust the program:                              Capture1.jpg
 
Would you be so kind to explain how you managed to do it? Thanks a lot!  ^_^

Share this post

Link to post
Share on other sites

jbeekman   

jbeekman
Posted

I tried everything I could to auto-report it to no avail. I did, however, just right click the task bar icon, choose "view blocked spyware applications", highlighted Wamp, and allowed it.

Share this post

Link to post
Share on other sites

jbeekman   

jbeekman
Posted

When an item is detected by real-time protection, it will be placed into quarantine. If you restore the item from quarantine and run a complete scan, it will be detected. If you've restored the item and it is no longer detected in a scan, it is likely that the false positive has already been corrected.

No, that didn't work, any of the several times I tried it. See my previous post for what I did do.

Share this post

Link to post
Share on other sites

cover   

cover
Posted

What jbeekman describes is very much similar to my own experiences and this just started.  I've had WAMP for some time now and in the past, there hasn't been a problem.  Suddenly when I have 'real-time protection- on, it grabs the WAMP exe and places it in quarantine.  With real-time protection unchecked, I can run a scan once the file is restored and nada - nothing irregular to report and it isn't picked up in a scan.

 

SuperAntiSpyware.jpg

Share this post

Link to post
Share on other sites

ParrotSlave   

ParrotSlave
Posted

Mine automatically quarantined the objects, then, of course, there was no way to submit the files to SAS. However, I think I recall submitting these a long time ago, via the free version, from my old laptop. It finds Cyberlink's Power2Go files as trojans, Gen-Yodos--CLCLEANER2-POWER2GO_6.0-7.0.EXE, CLCLEANER2-POWER2GO_8.0.EXE, and CLCLEANER2-WAVEEDITOR_1.0-2.0.EXE. It also finds mp3DirectCut as a trojan, Gen-Small--MP3DIRECTCUT219.EXE, and it finds INSTALLER_EML_TO_PST_CONVERTER.EXE to be a trojan, Gen-Toggle.

 

Norton does not think they are trojans, and Malwarebytes does not think so either. Cyberlink would probably be surprised. 

 

It also found one file in Chrome's cache, APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00148D, which was puzzling. Again, neither Malwarebytes nor Norton thought anything was wrong with the file.

Share this post

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...