japbe - purelib mgr - bloodhound.overpacked (norton AV)

NoahPhense
Addict
Posts: 1999
Joined: Thu Oct 16, 2003 8:30 pm
Location: North Florida

Post by NoahPhense »

japbe - please see if you can not overpack this exe. I cannot install it
as norton is eating it when I unzip. I could turn off my AV .. but it'll just
find it when I turn it back on. ;)

I'm trying to find a way to exclude it from being processed by Norton,
but I don't see a quick solution yet.

- np
gnozal
PureBasic Expert
Posts: 4229
Joined: Sat Apr 26, 2003 8:27 am
Location: Strasbourg / France

Re: japbe - purelib mgr - bloodhound.overpacked (norton AV)

Post by gnozal »

> NoahPhense wrote: japbe - please see if you can not overpack this exe. I cannot install it
> as norton is eating it when I unzip. I could turn off my AV .. but it'll just
> find it when I turn it back on. ;)

jaPBe ?

The jaPBe 'installer' is simply a self-extracting 7-ZIP archive (no more, no less).
The jaPBe V3 executable itself is packed with PECompact2.

And in my opinion Norton AV is one of the worst AV software ever ...
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
thefool
Always Here
Posts: 5881
Joined: Sat Aug 30, 2003 5:58 pm
Location: Denmark

Re: japbe - purelib mgr - bloodhound.overpacked (norton AV)

Post by thefool »

> gnozal wrote: And in my opinion Norton AV is one of the worst AV software ever ...

Actually in the early days it was okay. Now it has become a pain.

> bloodhound.overpacked

Bloodhound is their heuristic engine (afaik), so it's probably a fake.
Kaeru Gaman
Addict
Posts: 4826
Joined: Sun Mar 19, 2006 1:57 pm
Location: Germany

Post by Kaeru Gaman »

what does "bloodhound.overpacked" mean....?

...just because that problem may apply to every software that meets particular circumstances.....
oh... and have a nice day.
thefool
Always Here
Posts: 5881
Joined: Sat Aug 30, 2003 5:58 pm
Location: Denmark

Post by thefool »

> Kaeru Gaman wrote: what does "bloodhound.overpacked" mean....?
>
> ...just because that problem may apply to every software that meets particular circumstances.....

I think it means that the heuristic engine detected something that looks like "overpacked"

The heuristic engines can of course make false positives once in a while; it is, after all, a guess. They can be based on neural networks (a mate & me are working on that currently) where you can "teach" it how the things look, and then it can detect mutations and so on of the thing. Usable for image recognition, too :)

Of course there are other methods too.
Kaeru Gaman
Addict
Posts: 4826
Joined: Sun Mar 19, 2006 1:57 pm
Location: Germany

Post by Kaeru Gaman »

yap, sure.

...so I just don't understand what the term "overpacked" means....


yeah, neural networks is a really interesting field... :)
oh... and have a nice day.
thefool
Always Here
Posts: 5881
Joined: Sat Aug 30, 2003 5:58 pm
Location: Denmark

Post by thefool »

> Kaeru Gaman wrote: yap, sure.
>
> ...so I just don't understand what the term "overpacked" means....
>
> yeah, neural networks is a really interesting field... :)

I found it!

> Symantec antivirus products exclusively use the virus name Bloodhound.Overpacked when a potentially unknown virus is found using Symantec Bloodhound technology. Bloodhound technology consists of heuristic algorithms used to detect unknown viruses. The actual file detected under Bloodhound.Overpacked is likely to be infected with a new, packed, 32-bit Windows virus.

yes the neural networks are going great. And they are sure interesting
Kaeru Gaman
Addict
Posts: 4826
Joined: Sun Mar 19, 2006 1:57 pm
Location: Germany

Post by Kaeru Gaman »

> The actual file detected under Bloodhound.Overpacked is likely to be infected with a new, packed, 32-bit Windows virus.

so it's just a bloody mistake of the dumb bloodhound.
he doesn't like good code packed with a good packer.

I often heard about other AV-apps (e.g. AVIRA) marking PureBasic Products as infected.

maybe it refers to the philosophy "if a program is small and effective, it must be a virus"

ridiculous.

@NoahPhense

get yourself a good AV-software. I experienced no problems with AVAST so far.... (NORTON is bull)
oh... and have a nice day.
thefool
Always Here
Posts: 5881
Joined: Sat Aug 30, 2003 5:58 pm
Location: Denmark

Post by thefool »

Avast has worked GREAT for me so far.
NoahPhense
Addict
Posts: 1999
Joined: Thu Oct 16, 2003 8:30 pm
Location: North Florida

Re: japbe - purelib mgr - bloodhound.overpacked (norton AV)

Post by NoahPhense »

> thefool wrote:
> > gnozal wrote: And in my opinion Norton AV is one of the worst AV software ever ...
>
> Actually in the early days it was okay. Now it has become a pain.
>
> > bloodhound.overpacked
>
> Bloodhound is their heuristic engine (afaik), so its probably a fake.

I know what overpacked means. But Norton still quarantines the file so
that I have no access to it.

** as for Norton in general, it's not a bad app .. this particular issue has
been the first issue in 3 years of using it, and honestly, it's only
protecting me. Overpacked items *can* contain viri as well as
destructive code.

- np

Anyhow, guess there's no solution. I don't think Norton will allow
turning off of overpacked files.

** edit **
I used to use Avast Pro a couple years ago. Guess I try it out again.
Kaeru Gaman
Addict
Posts: 4826
Joined: Sun Mar 19, 2006 1:57 pm
Location: Germany

Post by Kaeru Gaman »

> I used to use Avast Pro a couple years ago. Guess I try it out again.

I think that is the only real solution...

as theFool said:
> Actually in the early days it was okay. Now it has become a pain.

I don't like programs that take too many decisions away from you.

if a program/package that contains no destructive code is blocked
and you have no possibility to tell your AV to leave it alone,
then you have to get rid of that crap.

when your dog keeps biting your sheep because he thinks they smell like fox, you got to shoot that dumb dog.
oh... and have a nice day.
Baldrick
Addict
Posts: 860
Joined: Fri Jul 02, 2004 6:49 pm
Location: Australia

Post by Baldrick »

@NoahPhense,
I have also been using Norton AV for many years with excellent results.
About 10 days or so back I also encountered much the same problem as you, except with me it was picking PureUPX as overpacked. I tried re-downloading PureUPX & this stopped that problem. Since then this same bloodhound.overpacked thing has picked up on a copy I have on my pc of Netmaestro's "Vista Clock" app as well as actually picking up on a little test app I had forgotten about based on the "eicar AV test string" which 1 of the ppl from this forum posted when they were working on an AV app.
So I think it may be that this problem must be as a result of 1 of Symantec's auto-updates which has added some signature data to detect this overpack problem.
It actually seems to me that maybe this bloodhound thing is detecting exe files that have been overwritten various times as we test them & modify, retest, modify, so on. ( I will have a play with that theory & see if I can get something to do it by modifying the exe & upx'ing a number of times. - Will let you know if I turn anything up on this idea. )
PB
PureBasic Expert
Posts: 7581
Joined: Fri Apr 25, 2003 5:24 pm

Post by PB »

> when your dog keeps biting your sheep because he thinks they smell like
> fox, you got to shoot that dumb dog

:lol: Superb analogy!
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
JCV
Enthusiast
Posts: 579
Joined: Fri Jun 30, 2006 4:30 pm
Location: Middle East

Post by JCV »

It's quite annoying if one of your users reports that your released program is detected as a virus and you have to explain to them that the AV is wrong. I've been using PECompact for years and it's my 2nd time to experience this. The first one was AVG last year and now Norton. :?

[Registered PB User since 2006]
[PureBasic 5.7][SpiderBasic 2.2] [Win 10 64bit]
[Intel i7 990x 4.20 Ghz] [18GB DDR3]
Fluid Byte
Addict
Posts: 2336
Joined: Fri Jul 21, 2006 4:41 am
Location: Berlin, Germany

Re: japbe - purelib mgr - bloodhound.overpacked (norton AV)

Post by Fluid Byte »

You are just new in the forum and your very first post is about digging up a corpse that is far over 2 years old?

Not a very clever way to start out ... :wink:
Windows 10 Pro, 64-Bit / Whose Hoff is it anyway?