False positive

Reply
Highlighted
L0 Member

False positive

Hi,

We are facing some false positive issues in the software we develop. Here is a link to download a sample installer and also individual content:
https://cp.sync.com/dl/f0ef29c20#hnvbmt7r-zbpvwdaa-qc6feknz-ks834c37
https://cp.sync.com/dl/d4f2b98c0#9bi8w8ve-st3xx7fd-3e4hr9mi-9k5j6gyq
 
We think this could have been caused by the use of an EXE protector/packer/antidebug/anti-tampering
Unfortunately we can't stop using it for security reasons but we digitally sign all the installers and files, so we hope you can whitelist our digital signature, since this is causing many reputation issues to our company and negatively affecting to our relation with customers.
 
Here you have links to the report of both files on VirusTotal:
https://www.virustotal.com/#/file/f221e67a88d8b72dae0901e22356a5e5231485f8f40679 1e0895fbe63e8199b8/detection
https://www.virustotal.com/#/file/afc4aff64a02d2f697d8ca413984524524c819a4667d9a ce9bfed45ed589ecfe/detection
 
Thank you very much in advance.
If you should need any further details or contact information, please do not hesitate to contact me.

Highlighted
L7 Applicator

Submitted analysis for 

f221e67a88d8b72dae0901e22356a5e5231485f8f406791e0895fbe63e8199b8

 

afc4aff64a02d2f697d8ca413984524524c819a4667d9ace9bfed45ed589ecfe is the sha256 of the ZIP files. We don't create verdicts or signatures for ZIP files. That file is being blocked due to file inside being found to be malware: 

FeasaTerminal.exe with sha256 

decd12804e4781be496b6451460bf89f51a215e609775dd31052fbb4c8d8a900.

 

I'm submitting 

decd12804e4781be496b6451460bf89f51a215e609775dd31052fbb4c8d8a900 separatelly for analysis.

 

If these are found to be Benign, the associated signature will get disabled within the next 3 business days.

Highlighted
L7 Applicator

The following samples were changed to a Benign verdict:

 

f221e67a88d8b72dae0901e22356a5e5231485f8f406791e0895fbe63e8199b8

decd12804e4781be496b6451460bf89f51a215e609775dd31052fbb4c8d8a900

 

The change will reflect in tomorrow's Antivirus release.

Your digital signatur will be added to our trusted signer list.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!