Jump to content
hcova

False positive ransomware?

Recommended Posts

I have installed kaspersky AV and Immunet is says the showed in the below picture.

Am I infected with Ransomware.Eicar?
How is it possible that I receiving such failed quarantine?
Any help is welcome.

Regards

Hernan

image.png.443698ff99b8dec7ec25e7d4314908e5.png

Share this post


Link to post
Share on other sites

Hello Hernan, I would concur that is a FP, and no you are not infected with ransomware. Believe me, if you were, you'd already know for sure!

It appears that Immunet was attempting to quarantine Kaspersky's definition update for a EICAR ransomware test string.

EICAR test strings are used to examine an AV's efficacy by using dummy malware signatures that do no harm. Some AV vendors white-list these test strings to avoid unnecessary False Positive reports by users who don't know what they downloaded and opened the test string's compressed folder (usually zip or rar) or don't know how to properly use the strings for testing. That's their logic anyway.

One way to avoid conflicts with Immunet & your companion AV is to open the settings and add an exclusion for "Kaspersky's entire Program Files folder" with Immunet. Also do the same for Kaspersky, exclude Immunet's entire Program Files folder in it's settings. Doing this can go a long way to help avoid the situation you just encountered.

Best Wishes, Ritchie...

P. S. - I don't entirely agree with the reasoning behind AV vendors white-listing these test strings. That means a user can't actually test just how good their AV is themselves. Got something to hide maybe?

With Immunet you can't even open & unpack EICAR compressed folders once they're downloaded because they have "already been quarantined" if you have Scan Archive Files & Scan Compressed Files enabled in Settings! Immunet is that good!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×