loskamita

Possible A False Positive On Honeyview


Hi loskamita, I did some research and that does seem to be a legitimate file for the Honeyview image viewer. Just to make sure I even checked Virustotal's database and no info was found on this executable which is a very good sign it's legit!

 

The detection name is W32.SPERO.Cosmu.07.06.11.

 

If you wish to use the image viewer you can use the Quarantine Restore feature. Open the GUI and click on Quarantine located below and to the right of the History tab and click on the TouchURL.exe listing. Then just click on the Restore button after that. This will automatically add an exclusion to Immunet's Exclusion List. Since this .exe was using a temp file during the install process it may not be listed in Quarantine or the Restore may fail because the temporary file may no longer exist. If this happens you may have to manually type in the exact file path for Immunet's Exclusion List. After that you should be able to install the program.

 

Regards, Ritchie...


Immunet still detects TouchURL.exe. I think the Immunet team has not checked this yet; can you report it to them again? I have reported it to Immunet's official page and their email, but neither works; it seems their web page and mail have problems. Thank you.


Try using this URL: support@immunet.com if you continue to have issues. Did you add a complete file path exclusion for that file and it's still being quarantined?


support@immunet does not work in my situation; I sent an email to support@immunet but it returned a failure.

I don't need to add a path exclusion because it's just a temporary file, all I have to do is switch off Immunet's realtime scan during installation.

 

In my experience, Immunet's official page is outdated and unstable.


If you want to temporarily stop the Immunet agent from running you can use the commands:

 

$ net stop immunetprotect

 

then to restart

 

$ net start immunetprotect

 

This will stop the detection from happening if this is what you need. We do get the occasional false positive and our website can be super buggy, unfortunately. The email may not have worked if you tried to send the zip along with it. Gmail is picky with zip files. I'll see if I can fix the detection, but for now the stop/start should help you out. Make sure you turn it back on as soon as you are done with the file.

- Reg


Thanks for your response, guys.

I mean I just switch off "Monitor Program Install" and "Monitor Program Start" in the settings in Immunet's GUI during the installation of Honeyview, then everything is OK. Not such a big problem.

But your website should indeed be maintained more frequently, because it is the official page of your product, Immunet. For example, if someone has no way to send you a file (whether a malicious file or a false positive report) through your website, he may get upset and lose interest in your product, because not everyone is willing to register an account to report things. And it's not a good thing to let ritchie58 take so much time to report everyone's questions to the Immunet team; that's too tiring.

Anyway, thanks for taking a look at this problem!


Thanks for the honorable mention, loskamita, much appreciated! I do try to help out as much as I can, my friend, but sometimes I don't have all the answers for fellow users. That's where the expert advice, like from Jose and other Admins, comes in handy!

 

Best wishes, Ritchie...


rsmith, it seems the false positive is not solved yet. Is it like the false positive of Kaspersky's Tdsskiller, which is difficult to fix? I want to know how many days it usually takes to get a false positive solved.


The file has been fixed. Note: If it was recently detected/quarantined, you will need to clear the Immunet cache, as it checks that first before getting a disposition from the cloud. To clear the cache, use the commands above to stop the agent, then delete the 3 cache.db files in the Immunet folder under Program Files. Restart it and you should be good to install.
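The cache-clearing procedure described in the post above, as an added PowerShell example that is not part of the original thread and not Immunet's own tooling. The service name comes from the `net stop` / `net start` commands in the thread; the install directory and the `*cache.db` file pattern are assumptions, since the thread only says "the Immunet folder under Program Files".

```powershell
#Requires -RunAsAdministrator
param(
    # Assumption: default install location; adjust to the actual Immunet folder.
    [string]$ImmunetDir = (Join-Path $env:ProgramFiles 'Immunet'),
    # Assumption: pattern for the "cache.db" files mentioned in the thread.
    [string]$CachePattern = '*cache.db',
    # Service name taken from the net stop/start commands in the thread.
    [string]$ServiceName = 'immunetprotect'
)

$ErrorActionPreference = 'Stop'
$timeout = [TimeSpan]::FromSeconds(30)

# Enumerate first, so nothing is stopped or deleted if the folder is wrong.
$cacheFiles = @(Get-ChildItem -LiteralPath $ImmunetDir -Filter $CachePattern -File -Recurse)
if ($cacheFiles.Count -eq 0) {
    throw "No files matching '$CachePattern' under '$ImmunetDir'; nothing to clear."
}
if ($cacheFiles.Count -ne 3) {
    # The thread mentions 3 cache files; a different count deserves a manual look.
    Write-Warning "Expected 3 cache files, found $($cacheFiles.Count)."
}
$cacheFiles | ForEach-Object { Write-Host "Cache file: $($_.FullName)" }

try {
    Stop-Service -Name $ServiceName
    (Get-Service -Name $ServiceName).WaitForStatus('Stopped', $timeout)
    $cacheFiles | Remove-Item -Force
}
finally {
    # Always bring protection back, even if the delete step failed.
    Start-Service -Name $ServiceName
    $svc = Get-Service -Name $ServiceName
    $svc.WaitForStatus('Running', $timeout)
    Write-Host "$ServiceName is $($svc.Status)"
}
```

The `finally` block keeps the window without real-time protection as short as possible, which is the point of the "turn it back on as soon as you are done" advice earlier in the thread.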
