INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Malware in Media Center 22?  (Read 3063 times)

GrumpyBear

  • Recent member
  • *
  • Posts: 5
Malware in Media Center 22?
« on: October 12, 2016, 02:47:25 pm »

Emsisoft Antimalware picks up C:\Program Files (x86)\J River\Media Center 22\Media Center 22.exe as CryptoMalware and puts it in quarantine, so I can't access the program. When I tried to send it to Emsisoft, it says the file is >15MB.  So what's up?

I'm going back to 21.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72550
  • Where did I put my teeth?
Re: Malware in Media Center 22?
« Reply #1 on: October 12, 2016, 02:51:18 pm »

We see this from time to time but it has always been a false positive.  Please report it to the AV maker.
Logged

audioriver

  • Citizen of the Universe
  • *****
  • Posts: 514
Re: Malware in Media Center 22?
« Reply #2 on: October 12, 2016, 06:53:53 pm »

Check some of the suggested program settings, here.
Logged
Windows 10 Pro x64

Headcool

  • Junior Woodchuck
  • **
  • Posts: 70
Re: Malware in Media Center 22?
« Reply #3 on: October 13, 2016, 02:24:00 pm »

I strongly advise JRiver to sign all its binaries (including all dlls). Although JRiver doesn't ship malware, since anyone could alter an unsigned binary without anyone else noticing it, it is definitely ok for AV software to be suspicious. Signing all binaries would lead to a fewer false detections and less agressive monitoring.
It also a sign of professionality. Of 70 processes running on my PC only 8 are unsigned. MC is the only paid software that is unsigned. All other unsigned processes are Opensource projects.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72550
  • Where did I put my teeth?
Re: Malware in Media Center 22?
« Reply #4 on: October 13, 2016, 06:47:51 pm »

Maybe, but I think they are just looking for patterns and declare a foul if anything matches.  Why else would one build be fine and the next one not?

When it happens, it's usually only a problem for one AV program, not all.
Logged

Headcool

  • Junior Woodchuck
  • **
  • Posts: 70
Re: Malware in Media Center 22?
« Reply #5 on: October 14, 2016, 07:44:12 am »

Someone could have taken that specific build, added malicious code and spread it. Of course the original binary looks 99% the same as the malicious one. AV software should detect the malicious one and therefore the original one is collateral damage.
If your binary is signed all of the above still can happen. But a malicious modified version of your code will never have a valid certificate.
Every false positive that was detected as such will improve the reputation of your certificate. Everytime that a binary signed by your certificate runs (and does nothing malicious) will improve your reputation. Everyday that passes will improve your reputation. And if your reputation is high, it doesn't matter how closely your binaries look like malware and therefore false positives will decrease rapidly.
Since you already have a certificate (MC22.exe in System32 is signed) it should be relatively easy to sign the other binaries.

But note that even a signed binary is still a possible threat, mainly because of exploits. Therefore any technology that prevents exploits is a reason for AV software to monitor your software less aggressively and therefore minimizing incompatibilities. Such technologies include ASLR and DEP. I would recommend to enable them.
Logged
Pages: [1]   Go Up