long

Questions about reporting false alarms via the Quarantine False Alarm button


Dear Technical Support, Hello!
I am a Chinese user. Yesterday at 0:17 (Beijing time), behavior monitoring misreported v2rayN.exe of the v2rayN agent software. I made a false alarm submission via the quarantine false alarm button, and at 0:20 I received an email reply: this file has been whitelisted and will be updated online in the next 15 minutes.
But until now, after several updates, the quarantine false alarm file is still not detected by the update, and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

There is another false alarm: Panda.exe from the Panda Proxy software. I also received a false alarm via the Quarantine False Alarm button and was sent a reply to the email, but after several updates, the quarantine false alarm file is still not detected by the update and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

May I ask why this is?

Screenshots of the log and emails are attached below, as well as versions and licenses.

 

 

 


Edited by long
not translated

53 minutes ago, long said:

I am a Chinese user. Yesterday at 0:17 (Beijing time), behavior monitoring misreported v2rayN.exe of the v2rayN agent software. I made a false alarm submission via the quarantine false alarm button, and at 0:20 I received an email reply: this file has been whitelisted and will be updated online in the next 15 minutes.
But until now, after several updates, the quarantine false alarm file is still not detected by the update, and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

Emsisoft Anti-Malware contains two separate guards that detect threats running on your computer. One is the File Guard which is a traditional Anti-Virus using two engines and databases (our own and the one from BitDefender), and the other is the Behavior Blocker which detects things based entirely on behavior (if something exhibits any sort of behavior that could potentially be malicious and it isn't a known safe application then it gets quarantined).

Your screenshot shows that this was quarantined by the Behavior Blocker, and thus the quarantine re-scan will not show any change in its detection (the re-scan only uses the on-demand Anti-Virus scanner and changes to the Behavior Blocker's whitelist won't be reflected in the re-scan). Just restore it from quarantine, and if our malware analysts whitelisted it then it shouldn't be detected again.

 

57 minutes ago, long said:

There is another false alarm: Panda.exe from the Panda Proxy software. I also received a false alarm via the Quarantine False Alarm button and was sent a reply to the email, but after several updates, the quarantine false alarm file is still not detected by the update and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

This was also detected by the Behavior Blocker.

18 minutes ago, GT500 said:

Emsisoft Anti-Malware contains two separate guards that detect threats running on your computer. One is the File Guard which is a traditional Anti-Virus using two engines and databases (our own and the one from BitDefender), and the other is the Behavior Blocker which detects things based entirely on behavior (if something exhibits any sort of behavior that could potentially be malicious and it isn't a known safe application then it gets quarantined).

Your screenshot shows that this was quarantined by the Behavior Blocker, and thus the quarantine re-scan will not show any change in its detection (the re-scan only uses the on-demand Anti-Virus scanner and changes to the Behavior Blocker's whitelist won't be reflected in the re-scan). Just restore it from quarantine, and if our malware analysts whitelisted it then it shouldn't be detected again.

 

This was also detected by the Behavior Blocker.

Okay, I understand, meaning that the quarantine area rescan function is used for the quarantine procedure for the traditional Anti-Virus engine to report viruses? The ones isolated by Behavior Blocker only need to be whitelisted by the analyst and then manually restored by the user?

Is this understanding correct?

23 hours ago, long said:

...  meaning that the quarantine area rescan function is used for the quarantine procedure for the traditional Anti-Virus engine to report viruses?

Actually meaning that the re-scan feature isn't going to show any difference in detection for threats quarantined by the Behavior Blocker.

 

23 hours ago, long said:

The ones isolated by Behavior Blocker only need to be whitelisted by the analyst and then manually restored by the user?

That's correct.

14 minutes ago, GT500 said:

Actually meaning that the re-scan feature isn't going to show any difference in detection for threats quarantined by the Behavior Blocker.

 

That's correct.

Okay, thanks for your answer.
