japbe - purelib mgr - bloodhound.overpacked (norton AV)
- NoahPhense
- Addict
- Posts: 1999
- Joined: Thu Oct 16, 2003 8:30 pm
- Location: North Florida
japbe - purelib mgr - bloodhound.overpacked (norton AV)
japbe - please see if you can not overpack this exe. I cannot install it
as norton is eating it when I unzip. I could turn off my AV .. but it'll just
find it when I turn it back on.
I'm trying to find a way to exclude it from being processed by Norton,
but I don't see a quick solution yet.
- np
as norton is eating it when I unzip. I could turn off my AV .. but it'll just
find it when I turn it back on.
I'm trying to find a way to exclude it from being processed by Norton,
but I don't see a quick solution yet.
- np
-
- PureBasic Expert
- Posts: 4229
- Joined: Sat Apr 26, 2003 8:27 am
- Location: Strasbourg / France
- Contact:
Re: japbe - purelib mgr - bloodhound.overpacked (norton AV)
jaPBe ?NoahPhense wrote:japbe - please see if you can not overpack this exe. I cannot install it
as norton is eating it when I unzip. I could turn off my AV .. but it'll just
find it when I turn it back on.
The jaPBe 'installer' is simply a self-extracting 7-ZIP archive (no more, no less).
The jaPBe V3 executable itself is packed with PECompact2.
And in my opinion Norton AV is one of the worst AV software ever ...
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
Re: japbe - purelib mgr - bloodhound.overpacked (norton AV)
Actually in the early days it was okay. Now it has become a pain.gnozal wrote: And in my opinion Norton AV is one of the worst AV software ever ...
Bloodhound is their heuristic engine (afaik), so its probably a fake.bloodhound.overpacked
- Kaeru Gaman
- Addict
- Posts: 4826
- Joined: Sun Mar 19, 2006 1:57 pm
- Location: Germany
I think it means that the heuristic engine detected something that looks like "overpacked"Kaeru Gaman wrote:what does "bloodhound.overpacked" mean....?
...just because that problem may apply to every software that meets particular circumstances.....
The heuristic engines can of course make false positives once in a while, it is, afterall a guess. They can be based on neural networks (a mate & me works on that currently) where you can "teach" it how the things look, and then it can detect mutations and so on of the thing. usable for image recognition, too
Of course there are other methods too.
- Kaeru Gaman
- Addict
- Posts: 4826
- Joined: Sun Mar 19, 2006 1:57 pm
- Location: Germany
I found it!Kaeru Gaman wrote:yap, sure.
...so I just don't understand what the term "overpacked" means....
yeah, neural networks is a really interesting field...
yes the neural networks are going great. And they are sure interestingSymantec antivirus products exclusively use the virus name Bloodhound.Overpacked when a potentially unknown virus is found using Symantec Bloodhound technology. Bloodhound technology consists of heuristic algorithms used to detect unknown viruses. The actual file detected under Bloodhound.Overpacked is likely to be infected with a new, packed, 32-bit Windows virus.
- Kaeru Gaman
- Addict
- Posts: 4826
- Joined: Sun Mar 19, 2006 1:57 pm
- Location: Germany
so it's just a bloody mistake of the dumb bloodhound.The actual file detected under Bloodhound.Overpacked is likely to be infected with a new, packed, 32-bit Windows virus.
he doesn't like good code packed with a good packer.
I often heard about other AV-apps (e.g. AVIRA) marking PureBasic Products as infected.
maybe it referres to the philosophy "if a program is small and effective, it must be a virus"
ridiculous.
@NoahPhense
get yourself a good AV-software. I experienced no problems with AVAST so far.... (NORTON is bull)
oh... and have a nice day.
- NoahPhense
- Addict
- Posts: 1999
- Joined: Thu Oct 16, 2003 8:30 pm
- Location: North Florida
Re: japbe - purelib mgr - bloodhound.overpacked (norton AV)
I know what overpacked means. But Norton still quarenteens the file sothefool wrote:Actually in the early days it was okay. Now it has become a pain.gnozal wrote: And in my opinion Norton AV is one of the worst AV software ever ...
Bloodhound is their heuristic engine (afaik), so its probably a fake.bloodhound.overpacked
that I have no access to it.
** as for Norton in general, its not a bad app .. this particular issue has
been the first issue in 3 years of using it, and honestly, it's only
protecting me. Overpacked items *can* contain viri as well as
destructive code.
- np
Anyhow, guess there's no solution. I don't think Norton will allow
turning off of overpacked files.
** edit **
I used to use Avast Pro a couple years ago. Guess I try it out again.
- Kaeru Gaman
- Addict
- Posts: 4826
- Joined: Sun Mar 19, 2006 1:57 pm
- Location: Germany
> I used to use Avast Pro a couple years ago. Guess I try it out again.
I think that is the only real solution...
as theFool said:
> Actually in the early days it was okay. Now it has become a pain.
I don't like programs that take too much decisions away from you.
if a program/package that contains no destructive code is blocked
and you have no possibility to tell your AV to leave it alone,
then you have to get rid off that crap.
when your dog keep biting your sheep because he thinks they smell like fox, you got to shot that dumb dog.
I think that is the only real solution...
as theFool said:
> Actually in the early days it was okay. Now it has become a pain.
I don't like programs that take too much decisions away from you.
if a program/package that contains no destructive code is blocked
and you have no possibility to tell your AV to leave it alone,
then you have to get rid off that crap.
when your dog keep biting your sheep because he thinks they smell like fox, you got to shot that dumb dog.
oh... and have a nice day.
@NoahPhense,
I have also been using Norton AV for many years with excellent results.
About 10 days or so back I also encountered much the same problem as you, except with me it was picking PureUPX as overpacked. I tried re-downloading PureUPX & this stopped that problem. Since then this same bloodhound.overpacked thing has picked up on a copy I have on my pc of Netmaestro's "Vista Clock" app as well as actually picking up on a little test app I had forgotten about based on the "eicar AV test string " which 1 of the ppl from this forum posted when they were working on an AV app.
So I think it may be that this problem must be as a result of 1 of symantecs auto-updates which has added some signature data to detect this overpack problem.
It actually seems to me that maybe this bloodhound thing is detecting exe files that have been overwritten various times as we test them & modify, retest, modify, so on. ( I will have a play with that theory & see if I can get something to do it by modifying the exe & upx'ing a number of times. - Will let you know if I turn anything up on this idea. )
I have also been using Norton AV for many years with excellent results.
About 10 days or so back I also encountered much the same problem as you, except with me it was picking PureUPX as overpacked. I tried re-downloading PureUPX & this stopped that problem. Since then this same bloodhound.overpacked thing has picked up on a copy I have on my pc of Netmaestro's "Vista Clock" app as well as actually picking up on a little test app I had forgotten about based on the "eicar AV test string " which 1 of the ppl from this forum posted when they were working on an AV app.
So I think it may be that this problem must be as a result of 1 of symantecs auto-updates which has added some signature data to detect this overpack problem.
It actually seems to me that maybe this bloodhound thing is detecting exe files that have been overwritten various times as we test them & modify, retest, modify, so on. ( I will have a play with that theory & see if I can get something to do it by modifying the exe & upx'ing a number of times. - Will let you know if I turn anything up on this idea. )
Its quite annoying if one of your user reports that your released program is detected as virus and explaining them that the AV is wrong. Ive been using PECompact for years and its my 2nd time to experience this. The first one is AVG last year and now Norton.
[Registered PB User since 2006]
[PureBasic 5.7][SpiderBasic 2.2] [Win 10 64bit]
[Intel i7 990x 4.20 Ghz] [18GB DDR3]
- Fluid Byte
- Addict
- Posts: 2336
- Joined: Fri Jul 21, 2006 4:41 am
- Location: Berlin, Germany
Re: japbe - purelib mgr - bloodhound.overpacked (norton AV)
You are just new in the forum and your very first post is about digging up a corpse that is far over 2 years old?
Not a very clever way to start out ...
Not a very clever way to start out ...
Windows 10 Pro, 64-Bit / Whose Hoff is it anyway?