long, posted October 27, 2020 (edited)

Dear Technical Support,

Hello! I am a Chinese user. Yesterday at 0:17 (Beijing time), behavior monitoring misreported v2rayN.exe of the v2rayN agent software. I made a false alarm submission via the quarantine false alarm button, and at 0:20 I received a reply by email: this file has been whitelisted and will be updated online in the next 15 minutes. But until now, after several updates, the quarantine false alarm file is still not detected by the update, and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

There is another false alarm: Panda.exe from the Panda Proxy software. I also received a false alarm via the Quarantine False Alarm button and was sent a reply to the email, but after several updates, the quarantine false alarm file is still not detected by the update and my manual rescan of the quarantine file still says that the quarantine is not a false alarm. May I ask why this is?

Screenshots of the log and emails are attached below, with versions and licenses.

Edited October 27, 2020 by long: not translated
GT500, posted October 27, 2020

53 minutes ago, long said:

> I am a Chinese user. Yesterday at 0:17 (Beijing time), behavior monitoring misreported v2rayN.exe of the v2rayN agent software. I made a false alarm submission via the quarantine false alarm button, and at 0:20 I received a reply by email: this file has been whitelisted and will be updated online in the next 15 minutes. But until now, after several updates, the quarantine false alarm file is still not detected by the update, and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

Emsisoft Anti-Malware contains two separate guards that detect threats running on your computer. One is the File Guard, which is a traditional Anti-Virus using two engines and databases (our own and the one from BitDefender), and the other is the Behavior Blocker, which detects things based entirely on behavior (if something exhibits any sort of behavior that could potentially be malicious and it isn't a known safe application then it gets quarantined).

Your screenshot shows that this was quarantined by the Behavior Blocker, and thus the quarantine re-scan will not show any change in its detection (the re-scan only uses the on-demand Anti-Virus scanner and changes to the Behavior Blocker's whitelist won't be reflected in the re-scan). Just restore it from quarantine, and if our malware analysts whitelisted it then it shouldn't be detected again.

57 minutes ago, long said:

> There is another false alarm: Panda.exe from the Panda Proxy software. I also received a false alarm via the Quarantine False Alarm button and was sent a reply to the email, but after several updates, the quarantine false alarm file is still not detected by the update and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

This was also detected by the Behavior Blocker.
long, posted October 27, 2020

18 minutes ago, GT500 said:

> Emsisoft Anti-Malware contains two separate guards that detect threats running on your computer. One is the File Guard, which is a traditional Anti-Virus using two engines and databases (our own and the one from BitDefender), and the other is the Behavior Blocker, which detects things based entirely on behavior (if something exhibits any sort of behavior that could potentially be malicious and it isn't a known safe application then it gets quarantined).
>
> Your screenshot shows that this was quarantined by the Behavior Blocker, and thus the quarantine re-scan will not show any change in its detection (the re-scan only uses the on-demand Anti-Virus scanner and changes to the Behavior Blocker's whitelist won't be reflected in the re-scan). Just restore it from quarantine, and if our malware analysts whitelisted it then it shouldn't be detected again.
>
> This was also detected by the Behavior Blocker.

Okay, I understand, meaning that the quarantine area rescan function is used for the quarantine procedure for the traditional Anti-Virus engine to report viruses? The ones isolated by Behavior Blocker only need to be whitelisted by the analyst and then manually restored by the user? Is this understanding correct?
GT500, posted October 28, 2020

23 hours ago, long said:

> ... meaning that the quarantine area rescan function is used for the quarantine procedure for the traditional Anti-Virus engine to report viruses?

Actually meaning that the re-scan feature isn't going to show any difference in detection for threats quarantined by the Behavior Blocker.

23 hours ago, long said:

> The ones isolated by Behavior Blocker only need to be whitelisted by the analyst and then manually restored by the user?

That's correct.
long, posted October 28, 2020

14 minutes ago, GT500 said:

> Actually meaning that the re-scan feature isn't going to show any difference in detection for threats quarantined by the Behavior Blocker.
>
> That's correct.

Okay, thanks for your answer.
GT500, posted October 29, 2020

You're welcome.