DeWild1

False positive. Where do I submit files?


Hi, my name is Dean. I make CPULOCK, *** http : // www. CPULOCK . com . {edited by Lynx}

Your software seems great, however it is seeing my programs as Trojan.Win32.Swisyn.qwd!A2

Where do I submit my files to prove they are not viruses?


Also, I have been playing with your command line scanner...

I made a white list c:\wl.txt, with these words in it.

c:\program files\911 PC FIX . com

After I had a client tell me I was a false positive last night, I tried this command line:

a2cmd.exe /f="c:\" /deep /m /a /n /log="c:\log.txt" /wl="c:\wl.txt" /dq
yet they are still deleted, or maybe I am wrong, I will try
a2cmd.exe /f="c:\program files" /deep /m /a /n /log="c:\log.txt" /wl="c:\wl.txt" /dq
so it will not take so long.

Also, you are flagging GDI Software, AKA Remote Helpdesk, as bad as well.

I know him personally and I use his software for all my clients. It cannot be used in a bad way, unless the bad guy pays for the full version. The full version costs over $1000 (I think), so I doubt any bad guys would pay that much... They would just use realVNC or something like that.


Hi Dean, welcome to the forum

First, I edited the link in your initial message.

Please don't post "clickable" links to the Software in question. Irrespective of whether that is indeed the link to legitimate Software being falsely flagged or not, currently it is in question and that has to be solved in the 1st place.

In order to submit flagged items use "Submit as false alert".

Right-Click on the item in the detection list and choose the said option from the pop-up menu.

Wait for subsequent updates and rescan.

If the suspect was quarantined (temporarily) it can be submitted from the Quarantine area. You will have a chance even to fill in and send some comments.

In the configuration, set the option for "Silent" or "Manual" Re-Scanning.

The jailed items will be rescanned automatically after updates and restored if the FP was confirmed and the update brought the fix.

Another way is to use e-mail.

If there is no fix, say it's delayed (it usually takes 24-48 hours), or you are still uncertain:

Submit False Positives to EMSI [email protected]

Before submitting, create a password protected archive (ZIP or RAR) containing the file(s). Make sure the main body of the email contains the password for the compressed archive.

Always save the report. You can attach it here and/or send it as an attachment to the passworded archive to the developers for analysis.

My regards

P.S.

As for the /WL= parameter, please try to include the folder where the file resides.

See the example #3 in this thread


You are welcome.

It seems that I added P.S. later ... after you read my initial reply :)

Please try that ... just in case

My regards


You are welcome.

It seems that I added P.S. later ... after you read my initial reply :)

Please try that ... just in case

My regards

Thanks... And it should be included in the documentation that the flags

/quick Scans all active programs, Spyware Traces and TrackingCookies

/smart Good and fast result, but only important folders will be scanned

/deep

are kind of templates for groups of files (and cookies, memory, etc.).

It took me a bit to realize that /hard will scan everything on C:\

/f=[], /files=[path] Scan files

when used with the templates, is for extra - odd paths - files.

It's by far the best command line scanner out. B)


You are welcome Dean,

...It's by far the best command line scanner out. B)

Yes, indeed ;)

In addition to what you read in a2cmd_readme.txt and got already from the experience you can search the old forum as suggested. There are examples of branching the batch and scripts using the Result Code. The latter is helpful when you leave the scan(s) unattended, say overnight.

E.g., you scanned the drive(s) that you want to back up completely or partially (just some folders).

If there were no detections - do that - invoke your backup Software from the script.

When there are flaggings – just save the report, skip the backup (that's useless in such a situation) and analyze the report(s) the morning after or while having a coffee.

I would suggest never using quarantine / delete as parameters.

That would mimic the GUI version behaviour, where you always get the detection list and then make the decisions based on your knowledge and proper analysis.

You may read this Sticky in addition.

As for the explanations regarding scan types, the mentioned “readme” is stressing the use of the parameters more than anything else, but other details are in the main documentation - #2.1.2; #4 & #8.2 (for Anti-Malware Suite)

My regards
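The scan-then-backup branching described in the reply above, as an added Windows batch example that is not part of the original thread. It assumes a2cmd.exe returns result code 0 only when nothing was detected; the paths and the robocopy backup step are placeholders.

```batch
@echo off
rem Added example (not from the thread): unattended scan, backup only if clean.
rem Assumptions: a2cmd.exe is on PATH and returns result code 0 when nothing
rem was detected and a non-zero code otherwise; all paths are placeholders.
setlocal

set "SCAN_DIR=D:\Data"
set "BACKUP_DIR=E:\Backup\Data"
set "REPORT_DIR=C:\ScanReports"

if not exist "%REPORT_DIR%" mkdir "%REPORT_DIR%"
set "REPORT=%REPORT_DIR%\last_scan.txt"

rem Scan only: no quarantine or delete switch, so nothing is removed unattended.
rem /f, /m, /a, /n and /log are the switches used earlier in this thread.
a2cmd.exe /f="%SCAN_DIR%" /m /a /n /log="%REPORT%"
set "SCAN_RC=%ERRORLEVEL%"

rem Any non-zero code (detections or a scanner error) blocks the backup,
rem so a flagged or unscanned folder is never copied over a good backup.
if not "%SCAN_RC%"=="0" (
    echo Scan result code %SCAN_RC%: backup skipped, review "%REPORT%".
    exit /b %SCAN_RC%
)

rem Clean scan: run the backup. robocopy stands in for your backup software;
rem it reports failure with exit codes of 8 or higher.
robocopy "%SCAN_DIR%" "%BACKUP_DIR%" /E /R:1 /W:5 /LOG+:"%REPORT_DIR%\backup.txt"
if errorlevel 8 (
    echo Backup failed, see "%REPORT_DIR%\backup.txt".
    exit /b 2
)

echo Scan clean and backup completed.
exit /b 0
```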


FYI, a little problem with the reporting of false positives through the GUI.

Your program has seen about 10 of my programs as Trojan.Win32.Swisyn.qwd!A2, but when I right click on any one of them under Trojan.Win32.Swisyn.qwd!A2, I click submit, but it only submits the first one.

Thank you for all your help, I will zip them and email them now.


Hi Dean,

That is not a problem at all - that is correct behaviour.

The detection name mostly represents the "type of" or the "family of" infection.

So even if you see different file names flagged identically, you need to submit only one file. Others will be ignored.

You have, say, 3.6 million signatures. The figure is constantly changing.

Sometimes after DB cleanup you can see just 2.7.

You do understand that the number of files out here that are representing infections is incomparably (!) bigger than the number of signatures ;)

You cannot possibly have a direct one to one ratio in this respect.

My regards
