TobiasChe / conemu-maximus5

Automatically exported from code.google.com/p/conemu-maximus5

FALSE Alarm - Avira Antivirus Professional Warns about virus in #555

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
OS version: Win7 SP1 x64

I've attached a picture.

Original issue reported on code.google.com by Cuchuk.S...@gmail.com on 25 May 2012 at 6:11

GoogleCodeExporter commented 9 years ago
Check of ConEmuSetup.120417.exe succeeds.

Original comment by Cuchuk.S...@gmail.com on 25 May 2012 at 6:18

GoogleCodeExporter commented 9 years ago
Check unpacked 7z of these versions

Original comment by ConEmu.Maximus5 on 25 May 2012 at 6:51

GoogleCodeExporter commented 9 years ago
Thank you! That helped. Avira didn't show any messages.

Original comment by Cuchuk.S...@gmail.com on 25 May 2012 at 7:59

GoogleCodeExporter commented 9 years ago
I can't do anything about false alarms of Avira.
Probably you, as a user of Avira, may contact their tech support and ask
them what exactly seems suspicious from their point of view. In this case,
maybe...

My installer was not significantly changed (only one visual bug in the dialog was
fixed on 09.05.2012).

BTW, did you import my certificate?
http://code.google.com/p/conemu-maximus5/wiki/Certificate

Original comment by ConEmu.Maximus5 on 25 May 2012 at 8:15

GoogleCodeExporter commented 9 years ago
I will send them the setup and ask them to remove the false alarm.

Original comment by Cuchuk.S...@gmail.com on 25 May 2012 at 8:56

GoogleCodeExporter commented 9 years ago
OK.

KIS has "cloud protection". Maybe Avira has something like that too.

Original comment by ConEmu.Maximus5 on 25 May 2012 at 9:02

GoogleCodeExporter commented 9 years ago
I will post what they answer (file analysis takes about 2 weeks).

Original comment by Cuchuk.S...@gmail.com on 25 May 2012 at 9:13

GoogleCodeExporter commented 9 years ago
Thank you for your recent inquiry.

The present file is falsely detected by Avira AntiVir as TR/Dropper.Gen.

This is a false positive detection, which will be fixed with one of the next 
VDF updates from AntiVir. With this update, the file itself should not be 
detected anymore.

Please note that this is a generic false positive.

This means, that this false positive appears on the basis of certain unique 
characteristics inside the file. Therefore it is possible that similar files 
will also be reported with this detection.

This false positive will finally be fixed with the next engine update.

Thanks in advance.

For further questions don't hesitate to contact us.
-- 
Freundliche Gruesse / Best regards
Avira Operations GmbH & Co. KG

Bernd Kersten
Consumer Services - International Services & Support

Avira Operations GmbH & Co. KG
Kaplaneiweg 1, D-88069 Tettnang, Germany
Internet: http://www.avira.com

Managing Partner: Tjark Auerbach
Registered office: Tettnang; AG Ulm HRA 722586

Original comment by Cuchuk.S...@gmail.com on 5 Jun 2012 at 6:48

GoogleCodeExporter commented 9 years ago
Well, okay.

Original comment by ConEmu.Maximus5 on 5 Jun 2012 at 7:09

GoogleCodeExporter commented 9 years ago
Issue 596 has been merged into this issue.

Original comment by ConEmu.Maximus5 on 14 Jun 2012 at 5:29

GoogleCodeExporter commented 9 years ago
Issue 597 has been merged into this issue.

Original comment by ConEmu.Maximus5 on 14 Jun 2012 at 8:02

GoogleCodeExporter commented 9 years ago

Original comment by ConEmu.Maximus5 on 14 Jun 2012 at 8:06

GoogleCodeExporter commented 9 years ago

Original comment by ConEmu.Maximus5 on 14 Jun 2012 at 8:07

GoogleCodeExporter commented 9 years ago
Issue 1343 has been merged into this issue.

Original comment by ConEmu.Maximus5 on 16 Nov 2013 at 2:58

GoogleCodeExporter commented 9 years ago

Original comment by ConEmu.Maximus5 on 16 Nov 2013 at 2:59

GoogleCodeExporter commented 9 years ago
Issue 596 has been merged into this issue.

Original comment by ConEmu.Maximus5 on 16 Nov 2013 at 2:59

GoogleCodeExporter commented 9 years ago
Issue 597 has been merged into this issue.

Original comment by ConEmu.Maximus5 on 16 Nov 2013 at 3:00

GoogleCodeExporter commented 9 years ago

Original comment by ConEmu.Maximus5 on 16 Nov 2013 at 3:01

GoogleCodeExporter commented 9 years ago
I'm encountering the same problem. Has anyone found a fix to this?

Original comment by pa...@vdevices.com on 17 Nov 2013 at 6:28

GoogleCodeExporter commented 9 years ago
Report false alarms to Avira.

Many ConEmu console-related features require Windows API hooking. The ConEmuHk
wiki describes that. It's strongly not recommended to totally disable them (that
may cause problems), but if that is the only way in your case, the "howto" is
described in ConEmuHk#Conclusion.

Original comment by ConEmu.Maximus5 on 17 Nov 2013 at 6:53

GoogleCodeExporter commented 9 years ago
Yes, report the version and the false alarm to Avira.
They will check the version and add the file hash to the safe list.
Also stay on stable branches so you don't have to do this very often.

Original comment by Cuchuk.S...@gmail.com on 17 Nov 2013 at 7:18

GoogleCodeExporter commented 9 years ago
As for hooking, I suggest extracting it to a separate library (which will update
extremely rarely) so that Avira checks it only once and adds its hash to the
safe list.

Original comment by Cuchuk.S...@gmail.com on 17 Nov 2013 at 7:23

GoogleCodeExporter commented 9 years ago
Are you sure Avira checks only the dll hash? I suppose it checks the executable too, no?

Original comment by ConEmu.Maximus5 on 17 Nov 2013 at 7:26

GoogleCodeExporter commented 9 years ago
I see here ConEmuC.exe, but not a library
https://conemu-maximus5.googlecode.com/issues/attachment?aid=13430000000&name=conemu+false+positive.png&token=imBcncP3wLdUjdn9b2VKBtp-hIk%3A1384716391237&inline=1

Original comment by ConEmu.Maximus5 on 17 Nov 2013 at 7:27

GoogleCodeExporter commented 9 years ago
I wish I could know for sure.

Original comment by Cuchuk.S...@gmail.com on 17 Nov 2013 at 7:27

GoogleCodeExporter commented 9 years ago
> I see here ConEmuC.exe, but not a library
Sure, the process name should be shown to the user for such things. The dll name
will tell the user nothing.
But I still don't know how the process is organized.

Original comment by Cuchuk.S...@gmail.com on 17 Nov 2013 at 7:44

GoogleCodeExporter commented 9 years ago
Probably you are right, adding the dll to the safe list is bad, because malicious
software could use it.

Original comment by Cuchuk.S...@gmail.com on 17 Nov 2013 at 7:46