Page 3 of 3
Posted: Sat May 24, 2008 12:53 am
by UserOfPure
JCV wrote:I dont need to store any new data on my client client/server pc on the main partition since I keep all important/updating programs on a different hidden drive.
But what about apps like Firefox which write to %AppData% when adding bookmarks, cookies, and so on? Deep Freeze wouldn't be able to save them. That's what I'm trying to work around. Faronics has a mapping tool to supposedly redirect all %AppData% folder writes to another drive, but I can't get it to work.
Posted: Tue May 27, 2008 9:24 am
by srod
ricardo wrote:I have some personal nigthmare story with Norton.
I too had a nightmare with that company and theirAV product. I now use AVG -which also reports a trojan with the update tool!
Posted: Tue May 27, 2008 1:33 pm
by Kaeru Gaman
some AV's heuristic interprete every DownloadFromURL-call of a non-certified app as a "Trojan"....
Sophos
Posted: Tue May 27, 2008 3:35 pm
by Ajm
This is a reply I got back this afterneen from Sophos after I submitted the update tool this morning.
It's a shame they don't all respond that quick.
Good afternoon Andy,
thank you for your email.
The file UpdateTool.exe that you sent to us for analysis is producing a false-positive report.
An IDE file that will correct this should be released on the Databank later this afternoon.
However, the file will still be detected with Suspicious detection on as Sus/UnkPacker. If so, it can be authorised.
Please do not hesitate to contact me if I can be of any further assistance.
Regards,
Karin Cowell
Sophos Technical Support
--Original Message--
From:
Date: 27/05/2008 11:00:40
To:
samples@sophos.com
Subject: File sample submitted from the Sophos website
The following file(s) was submitted on:
Tue May 27 10:00:16 2008
Posted: Tue May 27, 2008 3:49 pm
by DoubleDutch
However, the file will still be detected with Suspicious detection on as Sus/UnkPacker. If so, it can be authorised.
This seems a little unfair - they know the file is not a virus - why do they continue to say its suspicious? This kind of thing should be libelous - they are knowingly slandering the program.
Posted: Tue May 27, 2008 4:32 pm
by Inf0Byt3
Definitely outrageous! Didn't think this could ever happen. It isn't PB's fault that their analysts did a not so great job at examining the data or that compiled code between programs may look the same. This hurts PB's image IMO.
Posted: Tue May 27, 2008 5:54 pm
by DoubleDutch
Inf0Byt3 wrote: This hurts PB's image IMO.
This is exactly what I think too. If I did not trust the developers then I would think twice about using it - thus buying it. This means that they could lose sales due to what the AntiVirus tool is saying - thus (imho) they should be able to claim damages due to loss of sales and reputation.
If the antivirus authors fixed the problem without question then they could have a defense, but the attitude from this company is undefendable.
Posted: Wed Jun 11, 2008 11:06 pm
by Fred
I got response from AVG and Antivir, and both have release fixed version of their detections packages. I just tried here with the updatetool.exe, and it's no more flagged. If you still encounter such problem with a PB exe, feel free to post it, so we can mail them again.
Posted: Thu Jun 12, 2008 12:33 am
by pdwyer
I thought I was going have to port all my virus code to another language there for a moment! phew!
Posted: Thu Jun 12, 2008 1:34 am
by ricardo
In this 2 pages (maybe more exists) you can do online scan of files to see if some AV still showing any flags
http://www.virustotal.com
http://virusscan.jotti.org/
They do an online scan of uploaded files with more than 30 of the most popular AV software and five results in a matter of minutes.