Questions about reporting false alarms via the Quarantine False Alarm button


Dear Technical Support, Hello!
I am a Chinese user. Yesterday at 0:17 (Beijing time), behavior monitoring misreported v2rayN.exe of the v2rayN agent software. I made a false alarm submission via the quarantine false alarm button, and at 0:20 I received an email reply: this file has been whitelisted and will be updated online in the next 15 minutes.
But until now, after several updates, the quarantine false alarm file is still not detected by the update, and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

There is another false alarm: Panda.exe from the Panda Proxy software. I also received a false alarm via the Quarantine False Alarm button and was sent a reply to the email, but after several updates, the quarantine false alarm file is still not detected by the update and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

May I ask why this is?

Screenshots of the log and emails are attached below, as well as versions and licenses.

 

 

 


53 minutes ago, long said:

I am a Chinese user. Yesterday at 0:17 (Beijing time), behavior monitoring misreported v2rayN.exe of the v2rayN agent software. I made a false alarm submission via the quarantine false alarm button, and at 0:20 I received an email reply: this file has been whitelisted and will be updated online in the next 15 minutes.
But until now, after several updates, the quarantine false alarm file is still not detected by the update, and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

Emsisoft Anti-Malware contains two separate guards that detect threats running on your computer. One is the File Guard which is a traditional Anti-Virus using two engines and databases (our own and the one from BitDefender), and the other is the Behavior Blocker which detects things based entirely on behavior (if something exhibits any sort of behavior that could potentially be malicious and it isn't a known safe application then it gets quarantined).

Your screenshot shows that this was quarantined by the Behavior Blocker, and thus the quarantine re-scan will not show any change in its detection (the re-scan only uses the on-demand Anti-Virus scanner and changes to the Behavior Blocker's whitelist won't be reflected in the re-scan). Just restore it from quarantine, and if our malware analysts whitelisted it then it shouldn't be detected again.

 

57 minutes ago, long said:

There is another false alarm: Panda.exe from the Panda Proxy software. I also received a false alarm via the Quarantine False Alarm button and was sent a reply to the email, but after several updates, the quarantine false alarm file is still not detected by the update and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

This was also detected by the Behavior Blocker.


18 minutes ago, GT500 said:

Emsisoft Anti-Malware contains two separate guards that detect threats running on your computer. One is the File Guard which is a traditional Anti-Virus using two engines and databases (our own and the one from BitDefender), and the other is the Behavior Blocker which detects things based entirely on behavior (if something exhibits any sort of behavior that could potentially be malicious and it isn't a known safe application then it gets quarantined).

Your screenshot shows that this was quarantined by the Behavior Blocker, and thus the quarantine re-scan will not show any change in its detection (the re-scan only uses the on-demand Anti-Virus scanner and changes to the Behavior Blocker's whitelist won't be reflected in the re-scan). Just restore it from quarantine, and if our malware analysts whitelisted it then it shouldn't be detected again.

 

This was also detected by the Behavior Blocker.

Okay, I understand, meaning that the quarantine area rescan function is used for the quarantine procedure for the traditional Anti-Virus engine to report viruses? The ones isolated by Behavior Blocker only need to be whitelisted by the analyst and then manually restored by the user?

Is this understanding correct?


23 hours ago, long said:

...  meaning that the quarantine area rescan function is used for the quarantine procedure for the traditional Anti-Virus engine to report viruses?

Actually meaning that the re-scan feature isn't going to show any difference in detection for threats quarantined by the Behavior Blocker.

 

23 hours ago, long said:

The ones isolated by Behavior Blocker only need to be whitelisted by the analyst and then manually restored by the user?

That's correct.

