RepairUnit3k6 Posted August 14, 2021 Report Share Posted August 14, 2021 Downloaded from official website https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool, Immunet version 7.4.4.20633 falsely flagged KVRT.exe as Clam.Win.Malware.Emotet-6691278-0. Scanned by VitusTotal, file was completely clear https://www.virustotal.com/gui/file/f12c6654c8b17cacd1c157c65523bf617fc5bfd9832fcf22ac4f8d3a2940035b/detection. File in question is antivirus tool by itself which may and may not have something to do with it -3k6 KVRT.exe Link to comment Share on other sites More sharing options...
ritchie58 Posted August 14, 2021 Report Share Posted August 14, 2021 Hello 3k6, "I believe this is 'definitely' a FP!" Since this is a False Positive created by the ClamAV module I would highly suggest you submit a FP report directly to the devs at ClamAV. Here's a link where you can do just that. https://www.clamav.net/reports/fp Also, you can report this directly to the Immunet dev team at this link too. https://www.immunet.com/false_positive Did you try to restore the .exe from Immunet's Quarantine list yet? If not, give that a try. First open the UI -> click on the underlined word Quarantine located below & to the right of the History tab -> locate & click on the .exe file in the right side Details dialog box -> choose the 'Restore' option. That will automatically move the .exe to Immunet's Exclusion list. If the .exe creates a 'Program Files' folder in that OS directory, another option would be to create a custom Exclusion rule for the 'entire Program Files folder' if just excluding the .exe doesn't work. Regards, Ritchie... Link to comment Share on other sites More sharing options...
RepairUnit3k6 Posted August 14, 2021 Author Report Share Posted August 14, 2021 1 hour ago, ritchie58 said: Hello 3k6, "I believe this is 'definitely' a FP!" Since this is a False Positive created by the ClamAV module I would highly suggest you submit a FP report directly to the devs at ClamAV. Here's a link where you can do just that. https://www.clamav.net/reports/fp Also, you can report this directly to the Immunet dev team at this link too. https://www.immunet.com/false_positive Did you try to restore the .exe from Immunet's Quarantine list yet? If not, give that a try. First open the UI -> click on the underlined word Quarantine located below & to the right of the History tab -> locate & click on the .exe file in the right side Details dialog box -> choose the 'Restore' option. That will automatically move the .exe to Immunet's Exclusion list. If the .exe creates a 'Program Files' folder in that OS directory, another option would be to create a custom Exclusion rule for the 'entire Program Files folder' if just excluding the .exe doesn't work. Regards, Ritchie... Greetings Ritchie and thank you for answer. I did actually tried https://www.immunet.com/false_positive but when I clicked submit it showed me error. I'm using Brave browser version 1.28.105. There was no reason to restore file from quarantine since quarantine failed as software was currently in use. Since KVRT is antivirus software as well, I assume it is prevented from shutting down by other programs as viruses could do that to prevent detection. I will report to ClamAV directly. Thank you for your time -3k6 Link to comment Share on other sites More sharing options...
ritchie58 Posted August 14, 2021 Report Share Posted August 14, 2021 Sorry about that! The site was down for a while but I thought Immunet's FP reporting site was fixed & functional again. Bummer! Until I hear the site is actually fixed I won't be suggesting that option again. This is something I wish a support/dev person would get involved in but that rarely happens these days. Immunet just doesn't get the support or funding it once did regrettably. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now