A Couple False Positives

jamiedolan · October 21, 2011

The software from this web site is generating a false positive; he even has a page about this problem: http://www.nirsoft.net/false_positive_report.html

It also generated a false positive for Home Key Logger. This is not a virus:

http://www.kmint21.com/keylogger/

Info about it on Cnet:

http://download.cnet.com/Home-Keylogger/3000-2092_4-10114196.html

Thought I can see why both of these programs could look very suspicious, they have very legitimate uses on workplace computers, monitoring children's use of computers and the way I use them, just to make sure that I don't loose anything that I write.

Jamie

ritchie58 · October 21, 2011

Hi Jamie, if you are sure these are false positives there are a couple steps you can take to correct this. Open the GUI and click on History. From there you have the option to delete or you can restore the file(s) in question from Quarantine which will automatically move them to your Exclusion List which is located in Settings. If you have problems restoring the file(s) from Quarantine you can manually add the software's Program Files folder to the Exclusion List. This should work until the software is white-listed by the Immunet staff. What exactly is the name of the Nirsoft software in question as there are a number of utilities and tools listed at the link you provided?

sweidre · October 22, 2011

The software from this web site is generating a false positive; he even has a page about this problem: http://www.nirsoft.n...ive_report.html

It also generated a false positive for Home Key Logger. This is not a virus:

http://www.kmint21.com/keylogger/

Info about it on Cnet:

http://download.cnet...4-10114196.html

Thought I can see why both of these programs could look very suspicious, they have very legitimate uses on workplace computers, monitoring children's use of computers and the way I use them, just to make sure that I don't loose anything that I write.

Jamie

Thanks Jamie for the info! I hope, that an admin or a mod of Immunet will report this to the Immunet cloud, so the cloud database will be updated for all users about this. If an Immunet staff member will not visit this thread, please, send an email to support@immunet.com with your info above! Thanks & Cheers, sweidre

ritchie58 · October 22, 2011

Normally a keylogger is "NOT" a good thing. So I can see why most AV's would flag this as a FP..

sweidre · October 22, 2011

Hi,

Take care about Keyloggers! Read what Wikipedia is writing about Keyloggers:

Keystroke logging

1. http://en.wikipedia.org/wiki/Keystroke_logging

2. http://en.wikipedia.org/wiki/Talk:Keystroke_logging

Cheers, sweidre

sweidre · October 22, 2011

Normally a keylogger is "NOT" a good thing. So I can see why most AV's would flag this as a FP..

Hi,

A minor correction: Most AV's flag keyloggers as MALWARES (Not False Positives!)

Cheers, sweidre

ritchie58 · October 23, 2011

In Jamie's case he deliberately installed a legitimate key-logger for future reference purposes which would be a false positive where in any other circumstance it is indeed malware.

sweidre · October 23, 2011

In Jamie's case he deliberately installed a legitimate key-logger for future reference purposes which would be a false positive where in any other circumstance it is indeed malware.

Hi,

In this case, I think Immunet staff should look into this matter! If a person wants to have a key-logger installed is one thing, but the important thing is that this key-logger will not be spread to and infect others (eg. members is this forum). Nobody, but FBI, has the right to key-log others. We have to consider the security of the whole Immunet community, in fact! ( = almost 2 million users out there using the same cloud database!) Cheers, sweidre

sweidre · October 23, 2011

Hi again,

My opinion is the following regarding a unknown keylogger:

1. The keylogger should be reported as a malware to Immunet cloud database (to be on the safe side)

2. Jamie might in his computer put the keylogger on the exclusion list of his Immunet software (provided, that he has full confidence in his keylogger. Jamie bear the risk himself to 100%)

Next step is to send the keylogger as a compressed zip- or 7z-file as an attachment in an email to support@immunet.com for analysis.

If the Immunet analysis gives the result, that the keylogger is a malware the measures will be as above:

1. The keylogger should be reported as a malware to Immunet cloud database (Immunet Laboratory will automatically take this measure)

2. Jamie might in his computer put the keylogger on the exclusion list of his Immunet software (provided, that he has full confidence in his keylogger. Jamie bear the risk himself to 100%)

If the analysis gives the result, that the keylogger is a false positive the following measures will be taken:

1. The keylogger should be reported as a false positive to Immunet cloud database (Immunet Laboratory will automatically take this measure)

2. Jamie does not have to have his keylogger on the exclusion list any longer, because all Immunet scans will now accept the keylogger as benign (= false positive)

As I know, that the Immunet routines of malware/false positive have changed (at least regarding the email report address to Immunet), I prefer that an Immunet admin will confirm that the routine is now as described above. Then I want to get a message by an Immunet admin, if a keylogger can contaminate other computers thru "My Community" or thru the cloud database. (I want to have a reply regarding this, because I take keyloggers very seriously. A keylogger trojan in my computer might record to the outside owner of that trojan all my keystrokes regarding my bank visits (including my username, password, civic number and bank account number and all my bank transactions. Of course, the owner of the keylogger trojan can withdraw all my bank deposits! (Keyloggers and screenreaders are the worst trojans we can have in our computers! Period.)

Cheers,

sweidre

PS. I will thank Jamie for highlighting this very important security/privacy issue! I think, that we too often regard quarantined files in our own computers as false positives! Previously Immunet reported too many false positives, so we all regarded all qurantined files as false positives. That is history now! The detection engines of Immunet have really improved, and false positives are nowadays very seldom reported! My credits to Immunet regarding this! DS

sweidre · October 24, 2011

Hi,

Trojan Hunter (software by Misec) is a not malicious keylogger ( = false positive )

Just for info! Some good Anti-Malware softwares are using Keyloggers to fight Keylogger Trojans. Long time ago, when I used Win XP my software Emsisoft Anti-Malware (then called "a2square") reported the software Trojan Hunter (developed by Misec) as a malware (keylogger). I reported this in an email to the supplier Misec and I received an answer back from Misec like this: "Correct, Trojan Hunter is a keylogger. We have to let Trojan Hunter to act as a keylogger to recognize and eliminate malicious keylogger trojans. But do not worry, Trojan Hunter is not using its keylogger feature in a malicious way, but we must fight some malwares by using their own methods". So we can say, that some keyloggers might be False Positives! (Personally, I am not using Trojan Hunter any longer, because I have better Anti-Malware softwares today in my Win 7 64-bit computer! Cheers, sweidre

Sign In

A Couple False Positives

Recommended Posts

jamiedolan

Link to comment

Share on other sites

ritchie58

Link to comment

Share on other sites

sweidre

Link to comment

Share on other sites

ritchie58

Link to comment

Share on other sites

sweidre

Link to comment

Share on other sites

sweidre

Link to comment

Share on other sites

ritchie58

Link to comment

Share on other sites

sweidre

Link to comment

Share on other sites

sweidre

Link to comment

Share on other sites

sweidre

Link to comment

Share on other sites

Archived

Browse

Activity