Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[GrumpyBear]

Emsisoft Antimalware picks up C:\Program Files (x86)\J River\Media Center 22\Media Center 22.exe as CryptoMalware and puts it in quarantine, so I can't access the program. When I tried to send it to Emsisoft, it says the file is >15MB.  So what's up?

I'm going back to 21.

[JimH]

We see this from time to time but it has always been a false positive.  Please report it to the AV maker.

[audioriver]

Check some of the suggested program settings, here.

[Headcool]

I strongly advise JRiver to sign all its binaries (including all dlls). Although JRiver doesn't ship malware, since anyone could alter an unsigned binary without anyone else noticing it, it is definitely ok for AV software to be suspicious. Signing all binaries would lead to a fewer false detections and less agressive monitoring.
It also a sign of professionality. Of 70 processes running on my PC only 8 are unsigned. MC is the only paid software that is unsigned. All other unsigned processes are Opensource projects.

[JimH]

Maybe, but I think they are just looking for patterns and declare a foul if anything matches.  Why else would one build be fine and the next one not?

When it happens, it's usually only a problem for one AV program, not all.

[Headcool]

Someone could have taken that specific build, added malicious code and spread it. Of course the original binary looks 99% the same as the malicious one. AV software should detect the malicious one and therefore the original one is collateral damage.
If your binary is signed all of the above still can happen. But a malicious modified version of your code will never have a valid certificate.
Every false positive that was detected as such will improve the reputation of your certificate. Everytime that a binary signed by your certificate runs (and does nothing malicious) will improve your reputation. Everyday that passes will improve your reputation. And if your reputation is high, it doesn't matter how closely your binaries look like malware and therefore false positives will decrease rapidly.
Since you already have a certificate (MC22.exe in System32 is signed) it should be relatively easy to sign the other binaries.

But note that even a signed binary is still a possible threat, mainly because of exploits. Therefore any technology that prevents exploits is a reason for AV software to monitor your software less aggressively and therefore minimizing incompatibilities. Such technologies include ASLR and DEP. I would recommend to enable them.