ConEmu / old-issues

Old issues for ConEmu project (import is pending)
http://conemu.github.io/

FALSE Alarm - Avira Antivirus Professional Warns about virus in #555

Open ConEmu opened 9 years ago

ConEmu commented 9 years ago

From Cuchuk.S...@gmail.com on May 25, 2012 11:11:59

OS version: Win7 SP1 x64

I've attached a picture.

Attachment: AviraGoesCrazy.png

Original issue: http://code.google.com/p/conemu-maximus5/issues/detail?id=555

ConEmu commented 9 years ago

From Cuchuk.S...@gmail.com on May 25, 2012 11:18:31

Check of ConEmuSetup.120417.exe succeeds.

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on May 25, 2012 11:51:16

Check unpacked 7z of these versions

ConEmu commented 9 years ago

From Cuchuk.S...@gmail.com on May 25, 2012 12:59:56

Thank you! That helped. Avira didn't show any messages.

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on May 25, 2012 13:15:29

I can't do anything with false alarms of Avira. Probably you, as a user of Avira, may contact their tech support and ask them what exactly seems suspicious from their point of view. In this case, maybe...

My installer was not significantly changed (only one visual bug in dialog was fixed on 09.05.2012).

BTW, did you import my certificate? https://code.google.com/p/conemu-maximus5/wiki/Certificate

ConEmu commented 9 years ago

From Cuchuk.S...@gmail.com on May 25, 2012 13:56:31

I will send them the setup and ask them to remove the false alarm.

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on May 25, 2012 14:02:01

OK.

KIS has "cloud protection". Maybe Avira has something like that too.

Status: Fixed

ConEmu commented 9 years ago

From Cuchuk.S...@gmail.com on May 25, 2012 14:13:34

I will post what they answer (file analysis takes about 2 weeks).

ConEmu commented 9 years ago

From Cuchuk.S...@gmail.com on June 05, 2012 11:48:06

Thank you for your recent inquiry.

The present file is falsely detected by Avira AntiVir as TR/Dropper.Gen.

This is a false positive detection, which will be fixed with one of the next VDF updates from AntiVir. With this update, the file itself should not be detected anymore.

Please note that this is a generic false positive.

This means that this false positive appears on the basis of certain unique characteristics inside the file. Therefore it is possible that similar files will also be reported with this detection.

This false positive will finally be fixed with the next engine update.

Thanks in advance.

For further questions don't hesitate to contact us.

--
Freundliche Gruesse / Best regards
Avira Operations GmbH & Co. KG

Bernd Kersten
Consumer Services - International Services & Support

Avira Operations GmbH & Co. KG
Kaplaneiweg 1, D-88069 Tettnang, Germany
Internet: http://www.avira.com
Managing partner: Tjark Auerbach
Registered office: Tettnang; AG Ulm HRA 722586

GENERAL TERMS AND CONDITIONS
Our General Terms and Conditions (AGB) apply. You can find the current version at:

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on June 05, 2012 12:09:48

Well, okay.

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on June 13, 2012 22:29:23

Issue 596 has been merged into this issue.

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on June 14, 2012 13:02:53

Issue 597 has been merged into this issue.

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on June 14, 2012 13:06:53

Status: Visible

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on June 14, 2012 13:07:52

Summary: FALSE Alarm - Avira Antivirus Professional Warns about virus in ConEmuSetup.120524a.exe

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on November 16, 2013 06:58:22

Issue 1343 has been merged into this issue.

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on November 16, 2013 06:58:36

Issue 1343 has been merged into this issue.

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on November 16, 2013 06:59:03

Labels: False-Alarm

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on November 16, 2013 06:59:58

Issue 596 has been merged into this issue.

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on November 16, 2013 07:00:28

Issue 597 has been merged into this issue.

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on November 16, 2013 07:01:19

Summary: FALSE Alarm - Avira Antivirus Professional Warns about virus in (was: FALSE Alarm - Avira Antivirus Professional Warns about virus in ConEmuSetup.120524a.exe)

ConEmu commented 9 years ago

From pa...@vdevices.com on November 17, 2013 10:28:12

I'm encountering the same problem. Has anyone found a fix to this?

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on November 17, 2013 10:53:16

Report false alarms to Avira.

Many ConEmu console-related features require Windows API hooking. The ConEmuHk wiki describes that. It's strongly not recommended to totally disable them (that may cause problems), but if that is the only way in your case, the "howto" is described in ConEmuHk#Conclusion.

ConEmu commented 9 years ago

From Cuchuk.S...@gmail.com on November 17, 2013 11:18:52

Yes, report the version and the false alarm to Avira. They will check the version and add the file hash to the safe list. Also stay on stable branches so you don't have to do this very often.

ConEmu commented 9 years ago

From Cuchuk.S...@gmail.com on November 17, 2013 11:23:57

As for hooking, I suggest extracting it to a separate library (which will update extremely rarely) so that Avira checks it only once and adds its hash to the safe list.

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on November 17, 2013 11:26:25

Are you sure Avira checks only the DLL hash? I suppose it checks the executable too, no?

ConEmu commented 9 years ago

From ConEmu.M...@gmail.com on November 17, 2013 11:27:45

I see here ConEmu C.exe, but not a library https://conemu-maximus5.googlecode.com/issues/attachment?aid=13430000000&name=conemu+false+positive.png&token=imBcncP3wLdUjdn9b2VKBtp-hIk%3A1384716391237&inline=1

ConEmu commented 9 years ago

From Cuchuk.S...@gmail.com on November 17, 2013 11:27:58

I wish I could know for sure.

ConEmu commented 9 years ago

From Cuchuk.S...@gmail.com on November 17, 2013 11:44:55

"I see here ConEmu C.exe, but not a librar"

Sure, the process name should be shown to the user for such things. The DLL name will tell the user nothing. But I still don't know how the process is organized.

ConEmu commented 9 years ago

From Cuchuk.S...@gmail.com on November 17, 2013 11:46:48

Probably you are right; adding the DLL to the safe list is bad, because malicious software could use it.