Virus in PB4.20 UpdateTool?

UserOfPure
Enthusiast
Posts: 469
Joined: Sun Mar 16, 2008 9:18 am

Post by UserOfPure »

JCV wrote: I don't need to store any new data on my client client/server pc on the main partition since I keep all important/updating programs on a different hidden drive.
But what about apps like Firefox which write to %AppData% when adding bookmarks, cookies, and so on? Deep Freeze wouldn't be able to save them. That's what I'm trying to work around. Faronics has a mapping tool to supposedly redirect all %AppData% folder writes to another drive, but I can't get it to work.
srod
PureBasic Expert
Posts: 10589
Joined: Wed Oct 29, 2003 4:35 pm
Location: Beyond the pale...

Post by srod »

ricardo wrote: I have some personal nightmare story with Norton.
I too had a nightmare with that company and their AV product. I now use AVG - which also reports a trojan with the update tool! :)
I may look like a mule, but I'm not a complete ass.
Kaeru Gaman
Addict
Posts: 4826
Joined: Sun Mar 19, 2006 1:57 pm
Location: Germany

Post by Kaeru Gaman »

Some AVs' heuristics interpret every DownloadFromURL-call of a non-certified app as a "Trojan"....
oh... and have a nice day.
Ajm
Enthusiast
Posts: 242
Joined: Fri Apr 25, 2003 9:27 pm
Location: Kent, UK

Sophos

Post by Ajm »

This is a reply I got back this afternoon from Sophos after I submitted the update tool this morning.
It's a shame they don't all respond that quick.

Good afternoon Andy,

thank you for your email.

The file UpdateTool.exe that you sent to us for analysis is producing a false-positive report.
An IDE file that will correct this should be released on the Databank later this afternoon.
However, the file will still be detected with Suspicious detection on as Sus/UnkPacker. If so, it can be authorised.

Please do not hesitate to contact me if I can be of any further assistance.

Regards,

Karin Cowell
Sophos Technical Support

--Original Message--
From:
Date: 27/05/2008 11:00:40
To: samples@sophos.com
Subject: File sample submitted from the Sophos website

The following file(s) was submitted on:
Tue May 27 10:00:16 2008
Regards

Andy

Registered PB & PureVision User
DoubleDutch
Addict
Posts: 3220
Joined: Thu Aug 07, 2003 7:01 pm
Location: United Kingdom

Post by DoubleDutch »

However, the file will still be detected with Suspicious detection on as Sus/UnkPacker. If so, it can be authorised.
This seems a little unfair - they know the file is not a virus - why do they continue to say it's suspicious? This kind of thing should be libelous - they are knowingly slandering the program. :evil:
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
Inf0Byt3
PureBasic Fanatic
Posts: 2236
Joined: Fri Dec 09, 2005 12:15 pm
Location: Elbonia

Post by Inf0Byt3 »

Definitely outrageous! Didn't think this could ever happen. It isn't PB's fault that their analysts did a not so great job at examining the data or that compiled code between programs may look the same. This hurts PB's image IMO.
None are more hopelessly enslaved than those who falsely believe they are free. (Goethe)
DoubleDutch
Addict
Posts: 3220
Joined: Thu Aug 07, 2003 7:01 pm
Location: United Kingdom

Post by DoubleDutch »

Inf0Byt3 wrote: This hurts PB's image IMO.
This is exactly what I think too. If I did not trust the developers then I would think twice about using it - thus buying it. This means that they could lose sales due to what the AntiVirus tool is saying - thus (imho) they should be able to claim damages due to loss of sales and reputation.

If the antivirus authors fixed the problem without question then they could have a defense, but the attitude from this company is undefendable.
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
Fred
Administrator
Posts: 18162
Joined: Fri May 17, 2002 4:39 pm
Location: France

Post by Fred »

I got a response from AVG and Antivir, and both have released fixed versions of their detection packages. I just tried here with the updatetool.exe, and it's no longer flagged. If you still encounter such a problem with a PB exe, feel free to post it, so we can mail them again.
pdwyer
Addict
Posts: 2813
Joined: Tue May 08, 2007 1:27 pm
Location: Chiba, Japan

Post by pdwyer »

8)

I thought I was going to have to port all my virus code to another language there for a moment! phew!

:mrgreen:
Paul Dwyer

“In nature, it’s not the strongest nor the most intelligent who survives. It’s the most adaptable to change” - Charles Darwin
“If you can't explain it to a six-year old you really don't understand it yourself.” - Albert Einstein
ricardo
Addict
Posts: 2438
Joined: Fri Apr 25, 2003 7:06 pm
Location: Argentina

Post by ricardo »

On these 2 pages (maybe more exist) you can do an online scan of files to see if some AV is still showing any flags

http://www.virustotal.com

http://virusscan.jotti.org/

They do an online scan of uploaded files with more than 30 of the most popular AV software and give results in a matter of minutes.