jamiedolan

A Couple False Positives


The software from this web site is generating a false positive; he even has a page about this problem: http://www.nirsoft.net/false_positive_report.html

It also generated a false positive for Home Key Logger. This is not a virus:

http://www.kmint21.com/keylogger/

Info about it on Cnet:

http://download.cnet.com/Home-Keylogger/3000-2092_4-10114196.html

Though I can see why both of these programs could look very suspicious, they have very legitimate uses on workplace computers, monitoring children's use of computers and the way I use them, just to make sure that I don't lose anything that I write.

Jamie


Hi Jamie, if you are sure these are false positives there are a couple steps you can take to correct this. Open the GUI and click on History. From there you have the option to delete or you can restore the file(s) in question from Quarantine which will automatically move them to your Exclusion List which is located in Settings. If you have problems restoring the file(s) from Quarantine you can manually add the software's Program Files folder to the Exclusion List. This should work until the software is white-listed by the Immunet staff. What exactly is the name of the Nirsoft software in question as there are a number of utilities and tools listed at the link you provided?


The software from this web site is generating a false positive; he even has a page about this problem: http://www.nirsoft.n...ive_report.html

It also generated a false positive for Home Key Logger. This is not a virus:

http://www.kmint21.com/keylogger/

Info about it on Cnet:

http://download.cnet...4-10114196.html

Though I can see why both of these programs could look very suspicious, they have very legitimate uses on workplace computers, monitoring children's use of computers and the way I use them, just to make sure that I don't lose anything that I write.

Jamie

Thanks Jamie for the info! I hope that an admin or a mod of Immunet will report this to the Immunet cloud, so the cloud database will be updated for all users about this. If an Immunet staff member does not visit this thread, please send an email to support@immunet.com with your info above! Thanks & Cheers, sweidre


Normally a keylogger is "NOT" a good thing. So I can see why most AVs would flag this as a FP.

Hi,

A minor correction: Most AVs flag keyloggers as MALWARE (Not False Positives!)

Cheers, sweidre


In Jamie's case he deliberately installed a legitimate key-logger for future reference purposes which would be a false positive where in any other circumstance it is indeed malware.


In Jamie's case he deliberately installed a legitimate key-logger for future reference purposes which would be a false positive where in any other circumstance it is indeed malware.

Hi,

In this case, I think Immunet staff should look into this matter! If a person wants to have a key-logger installed, that is one thing, but the important thing is that this key-logger will not be spread to and infect others (e.g. members in this forum). Nobody but the FBI has the right to key-log others. We have to consider the security of the whole Immunet community, in fact! ( = almost 2 million users out there using the same cloud database!) Cheers, sweidre


Hi again,

My opinion is the following regarding an unknown keylogger:

1. The keylogger should be reported as a malware to Immunet cloud database (to be on the safe side)

2. Jamie might on his computer put the keylogger on the exclusion list of his Immunet software (provided that he has full confidence in his keylogger. Jamie bears the risk himself to 100%)

Next step is to send the keylogger as a compressed zip- or 7z-file as an attachment in an email to support@immunet.com for analysis.

If the Immunet analysis gives the result that the keylogger is malware, the measures will be as above:

1. The keylogger should be reported as a malware to Immunet cloud database (Immunet Laboratory will automatically take this measure)

2. Jamie might on his computer put the keylogger on the exclusion list of his Immunet software (provided that he has full confidence in his keylogger. Jamie bears the risk himself to 100%)

If the analysis gives the result that the keylogger is a false positive, the following measures will be taken:

1. The keylogger should be reported as a false positive to Immunet cloud database (Immunet Laboratory will automatically take this measure)

2. Jamie does not have to have his keylogger on the exclusion list any longer, because all Immunet scans will now accept the keylogger as benign (= false positive)

As I know that the Immunet routines for malware/false positives have changed (at least regarding the email report address to Immunet), I prefer that an Immunet admin will confirm that the routine is now as described above. Then I want to get a message from an Immunet admin on whether a keylogger can contaminate other computers through "My Community" or through the cloud database. (I want to have a reply regarding this, because I take keyloggers very seriously. A keylogger trojan in my computer might record to the outside owner of that trojan all my keystrokes regarding my bank visits, including my username, password, civic number and bank account number and all my bank transactions. Of course, the owner of the keylogger trojan can withdraw all my bank deposits! Keyloggers and screenreaders are the worst trojans we can have in our computers! Period.)

Cheers,

sweidre

PS. I will thank Jamie for highlighting this very important security/privacy issue! I think that we too often regard quarantined files in our own computers as false positives! Previously Immunet reported too many false positives, so we all regarded all quarantined files as false positives. That is history now! The detection engines of Immunet have really improved, and false positives are nowadays very seldom reported! My credits to Immunet regarding this! DS


Hi,

Trojan Hunter (software by Misec) is a non-malicious keylogger ( = false positive )

Just for info! Some good Anti-Malware softwares are using Keyloggers to fight Keylogger Trojans. Long time ago, when I used Win XP my software Emsisoft Anti-Malware (then called "a2square") reported the software Trojan Hunter (developed by Misec) as a malware (keylogger). I reported this in an email to the supplier Misec and I received an answer back from Misec like this: "Correct, Trojan Hunter is a keylogger. We have to let Trojan Hunter to act as a keylogger to recognize and eliminate malicious keylogger trojans. But do not worry, Trojan Hunter is not using its keylogger feature in a malicious way, but we must fight some malwares by using their own methods". So we can say that some keyloggers might be False Positives! (Personally, I am not using Trojan Hunter any longer, because I have better Anti-Malware softwares today in my Win 7 64-bit computer!) Cheers, sweidre
