Virusbarrier For Ios Detected As Exploit.html.agent.ao

[HalBerenson]

Virusbarrier is an IOS anti-malware product from Intego (I believe they also make a product for MACos). When iTunes takes a backup of my iPad Immunet is detecting com.intego.virusbarrierspring.zip as Exploit.HTML.Agent.AO. MSE doesn't have a problem with this file and it seems unlikely that it actually contains malware. Unfortunately it is 21MB so I can't submit it to any of the multi-engine virus check sites to see what other things think nor can I attach it here.

 

Anyone else seeing this?

[ritchie58]

It sounds like Immunet is flagging Intego Virusbarrier's own definition signatures as malicious. It looks like Intego is a legitimate anti-malware company after doing some research on the web and yes they do make a anti-malware product for Mac machines as well. What you could do is put Virusbarrier's program files into Immunet's Exclusion List which would be the easiest way to go if the file is included in the software's program files. If this doesn't do it because the file is using a Temp file for instance then exclude the actual zip file as well. If Virusbarrier has an exclusion list it may not be a bad idea to exclude Immunet's program files. That way both programs will recognize each other as safe. That should do it until Virusbarrier is white flagged by an administrator.

[HalBerenson]

It sounds like Immunet is flagging Intego Virusbarrier's own definition signatures as malicious. It looks like Intego is a legitimate anti-malware company after doing some research on the web and yes they do make a anti-malware product for Mac machines as well. What you could do is put Virusbarrier's program files into Immunet's Exclusion List which would be the easiest way to go if the file is included in the software's program files. If this doesn't do it because the file is using a Temp file for instance then exclude the actual zip file as well. If Virusbarrier has an exclusion list it may not be a bad idea to exclude Immunet's program files. That way both programs will recognize each other as safe. That should do it until Virusbarrier is white flagged by an administrator.

 

Virusbarrier doesn't actually run on the PC, it is just being backed up there by iTunes. Getting around this is not an issue for me, but I worry about the user community in general. I've been recommending people add Immunet on top of their existing AM product, but the false positive rate is high enough that I may have to drop that recommendation. On every PC I've installed it on Immunet has disabled some completely valid application. In all previous cases that was the result of ClamAV generating false positives. But in this case I have ClamAV disabled.

 

Ideally Immunet will be changed to eliminate this false positive and reduce false positives overall.

[sweidre]

Ideally Immunet will be changed to eliminate this false positive and reduce false positives overall.

Hi Haroldb,

Using the latest version of Immunet Free v.3.0.3.6870, I scannnd the important drives (systemdrive+drives with setup-files) last night and Immunet only qurantined one setup- file (=false posive, I know), so I think, that the rate of false positives has really decreased! I'll hope, that other users of the new version will find the same improvement!!

I have:

Win 7 64-bit SP1

Immunet v.3.0.3. 6870 Free with ClamAV = OFF but Scan of Archive/Packed Files = ON

Cheers,

sweidre

[ritchie58]

Ok, I thought it was a software program you had installed on your PC. Still excluding that zip file that was causing the trouble does make sense.