Topic: Antivirus False Positives (Read 2641 times)

JimH · « **on:** August 17, 2024, 09:41:50 am »

We're seeing a number of false positive reports from antivirus software on the new MC33 download file.

Please report them to your antivirus provider.

We strongly recommend using only Windows Defender.

If you question our opinion, please visit https://www.virustotal.com/gui/home/upload and check yourself.

Or take a look at this thread: https://yabb.jriver.com/interact/index.php?topic=86096.msg588759#msg588759

kcshowman · « **Reply #1 on:** August 18, 2024, 10:33:29 pm »

VirusTotal reports that both Avast and AVG are reporting the downloaded install file as a trojan.

Awesome Donkey · « **Reply #2 on:** August 19, 2024, 07:04:59 am »

Avast and AVG are owned by the same company, so it shouldn't be a surprise that both are reporting this false positive.

JimH · « **Reply #3 on:** August 19, 2024, 07:47:26 am »

Quote from: kcshowman on August 18, 2024, 10:33:29 pm

VirusTotal reports that both Avast and AVG are reporting the downloaded install file as a trojan.

The other 66 companies say it's clean. Which side would you believe?

These companies make mistakes _all_the_time. If you're skeptical, read our thread on antivirus problems: https://yabb.jriver.com/interact/index.php?topic=86096.msg588759#msg588759

I think they look for patterns in files and patterns in behavior and then they guess.

patented_licks · « **Reply #4 on:** August 19, 2024, 11:46:56 pm »

Using the latest Windows 11 64-bit OS, trying to download MC 33 via Edge, Windows Defender took strong objection. The magic 3-dot menu option let me override the ornery Defender and grab the prize.

JimH · « **Reply #5 on:** August 20, 2024, 06:34:23 pm »

Missing files: https://yabb.jriver.com/interact/index.php/topic,139525.msg967401.html#msg967401

Avast

Awesome Donkey · « **Reply #6 on:** August 20, 2024, 06:44:44 pm »

Anyone using Avast or AVG can report the false positives here:

https://www.avast.com/report-false-positive
https://www.avg.com/en-ww/report-false-positive

Click on File and fill out the form. I would do it, but I don't have an alert ID since I don't use either product. It seems only customers of Avast or AVG can report the false positive, grrrr. Anyways...

Two of the files (JRiverASIODriver64.dll and hh_portable.dll) that Avast and AVG seem to be flagging as malicious aren't signed with JRiver's Extended Validation (EV) certificate, so that could be why it's happening (for those at least, maybe, but I'm starting to think those AVs have lousy heuristic scanning engines, IMO). Media Core Launcher.exe which during the install of MC33 is renamed to MC33.exe is signed with the EV certificate and both Avast/AVG are flagging it. Honestly this is a little mind boggling to me that they don't automatically request/pull a sample and run deeper analysis as it's signed with an EV certificate, since malware creators aren't going to buy expensive EV certs and sign malware on it, as it can be revoked so easily and it'd be a waste of an EV certificate and money.

RoyZion · « **Reply #7 on:** August 24, 2024, 11:24:42 am »

Now works; no more virus allert on download and setup (definition > 240824-1 build 24.89.9372.864)

Awesome Donkey · « **Reply #8 on:** August 24, 2024, 02:05:02 pm »

Yep, looks like Avast and AVG fixes the false positives, YAY!

INTERACT FORUM

Author Topic: Antivirus False Positives (Read 2641 times)

JimH

Antivirus False Positives

kcshowman

Re: Antivirus False Positives

Awesome Donkey

Re: Antivirus False Positives

JimH

Re: Antivirus False Positives

patented_licks

Re: Antivirus False Positives

JimH

Re: Antivirus False Positives

Awesome Donkey

Re: Antivirus False Positives

RoyZion

Re: Antivirus False Positives

Awesome Donkey

Re: Antivirus False Positives