OpenVPN / tap-windows6

Windows TAP driver (NDIS 6)

Possible False Positive (virus) for prebuilt driver binary? #109

Closed duaneellissd closed 4 years ago

duaneellissd commented 4 years ago

The IT dept where I work - requires that they pass all packages through www.virustotal.com before we can use them internally - end of story - full stop - I can't change this.

When our IT dept does this, the file/link:

https://build.openvpn.net/downloads/releases/tap-windows-9.24.2-I601-Win10.exe

Reports virus hit - for or with "Secure Age APEX - ! Malicious"

yes - I am aware that this could very well be a false positive, my only solution is to report it up the chain of command for the outside package hoping that it can be addressed by the powers that be in that project.

Hence I'm reporting this - if you can please provide an update when available that would be helpful.

Thanks

schwabe commented 4 years ago

The link is https://www.virustotal.com/gui/file/1782d56568092e8fba575fe7e11b2e86f04518f40a18a4ce594bd1209e0cb547/detection and the false positive of Secure Age Apex is annoying, but without more details we also cannot do much about it. The tap driver and its installer have been more or less the same for many years now. And a new engine now reporting it as malicious is on the engine.

Also, the policy of your IT department is nothing we can change. It seems to have a good intention, but completely blocking something for an obvious false positive without a way to overrule the policy seems like an overly strict implementation of it. I would suggest talking to your IT department instead. If you really want to go up the chain, you need to talk to whoever builds "Secure Age APEX" instead of us.

duaneellissd commented 4 years ago

Sigh... perhaps the automated build system here could - auto submit / test the packages when they are being built as part of the release process in some automated way.

schwabe commented 4 years ago

And then do what? We also have absolutely no idea why we are being flagged by that engine and even less of an idea how to resolve that. Sure, we can do a lot of random things that might or might not fix the problem of misdetection, but a false positive from an obscure scanner engine is not something we want to waste our time on. If we were being flagged by a lot of engines, that would be something worth investigating.
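The check both sides are circling here (look the already-published installer up on VirusTotal by hash, then decide whether "one obscure engine" or "a lot of engines" flagged it) is small enough to script. The following is an added example and not code from the tap-windows6 project or from anyone in this thread. It assumes the VirusTotal v3 file-report endpoint GET /api/v3/files/{sha256} authenticated with an x-apikey header; the THRESHOLD, the EngineA..EngineD names and the per-engine verdicts in the sample report are constructed for illustration (only the SHA-256 is the one from the link above), and make_report exists only to build test data in the v3 shape.

```python
"""Look up a release artifact on VirusTotal by hash and triage the verdicts.

Added example, not code from the tap-windows6 project. It assumes the
VirusTotal v3 file-report endpoint GET /api/v3/files/{sha256} with an
x-apikey header; THRESHOLD and the sample report below are constructed
for illustration.
"""
import hashlib
import json
import urllib.error
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/{}"
# Fewer than this many engines flagging a long-shipped installer is treated
# as a probable false positive; the cut-off is an assumption, not VT policy.
THRESHOLD = 3


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the installer locally; the lookup sends only the hash, never the file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_report(sha256, api_key):
    """Return VT's existing report for the hash, or None if VT has never seen it (404)."""
    req = urllib.request.Request(VT_FILES_URL.format(sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise


def triage(report, threshold=THRESHOLD):
    """Summarize per-engine verdicts from a v3 file report.

    Returns the number of engines, the sorted names of engines whose category
    is 'malicious' or 'suspicious', and a coarse verdict: 'clean', 'likely
    false positive' (below threshold) or 'investigate' (threshold or more).
    """
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = sorted(name for name, r in results.items()
                     if r.get("category") in ("malicious", "suspicious"))
    if not flagged:
        verdict = "clean"
    elif len(flagged) < threshold:
        verdict = "likely false positive"
    else:
        verdict = "investigate"
    return {"engines": len(results), "flagged": flagged, "verdict": verdict}


def make_report(sha256, categories):
    """Build a minimal report in the v3 shape from {engine: category} (test data only)."""
    results = {name: {"category": cat, "engine_name": name,
                      "result": None if cat in ("undetected", "harmless") else "Malicious"}
               for name, cat in categories.items()}
    return {"data": {"type": "file", "id": sha256,
                     "attributes": {"last_analysis_results": results}}}


# Constructed sample: one engine flags the file, the placeholder engines do not.
SAMPLE_SHA256 = "1782d56568092e8fba575fe7e11b2e86f04518f40a18a4ce594bd1209e0cb547"
SAMPLE_REPORT = make_report(SAMPLE_SHA256, {
    "SecureAge APEX": "malicious",
    "EngineA": "undetected",
    "EngineB": "undetected",
    "EngineC": "undetected",
    "EngineD": "undetected",
})

if __name__ == "__main__":
    # Offline run on the constructed report. With a real key you would instead do:
    # triage(fetch_report(sha256_of_file("tap-windows-9.24.2-I601-Win10.exe"), key))
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

Looking up by hash rather than uploading keeps the artifact private and costs nothing against upload quota; it also means the script sees exactly the report an IT department that uploaded the same file would see, so the threshold decision can be discussed with them on the same data.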

cron2 commented 4 years ago

Hi,

On Wed, Mar 18, 2020 at 06:07:22PM -0700, duaneellissd wrote:

Sigh... perhaps the automated build system here could - auto submit / test the packages when they are being built as part of the release process in some automated way.

Said package was built quite a while ago, and not reported by any scanner on virustotal back then. We can't upload everything once a week to catch new scanners starting to report positive on old binaries.

gert

-- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany gert@greenie.muc.de

duaneellissd commented 4 years ago

schwabe>> even less of an idea how to resolve that

It's not the first time I've come across these things. The normal process for just about all virus scanners is to submit the false positive via a link on their support page, we did exactly that last week - it takes a few days and they cleared the issue. As impatient as we can be, you have to wait for the process to complete.

It seems to no longer report.