
Possible A False Positive On Honeyview


loskamita


Hi loskamita, I did some research and that does seem to be a legitimate file for the Honeyview image viewer. Just to make sure I even checked Virustotal's database and no info was found on this executable which is a very good sign it's legit!

 

The detection name is W32.SPERO.Cosmu.07.06.11.

 

If you wish to use the image viewer you can use the Quarantine Restore feature. Open the GUI and click on Quarantine located below and to the right of the History tab and click on the TouchURL.exe listing. Then just click on the Restore button after that. This will automatically add an exclusion to Immunet's Exclusion List. Since this .exe was using a temp file during the install process it may not be listed in Quarantine or the Restore may fail because the temporary file may no longer exist. If this happens you may have to manually type in the exact file path for Immunet's Exclusion List. After that you should be able to install the program.

 

Regards, Ritchie...


  • 4 weeks later...

support@immunet does not work in my situation; I sent an email to support@immunet but it returned a failure.

I don't need to add a path exclusion because it's just a temporary file, all I have to do is switch off Immunet's realtime scan during installation.

 

In my experience, Immunet's official page is outdated and unstable.

Link to comment
Share on other sites

If you want to temporarily stop the Immunet agent from running you can use the commands:

$ net stop immunetprotect

then to restart

$ net start immunetprotect

 

This will stop the detection from happening if this is what you need. We do get the occasional false positive and our website can be super buggy, unfortunately. The email may not have worked if you tried to send the zip along with it. Gmail is picky with zip files. I'll see if I can fix the detection but for now the stop/start should help you out. Make sure you turn it back on as soon as you are done with the file.

 

 

- Reg


Thanks for your responses, guys.

I mean I just switch off "Monitor Program Install" and "Monitor Program Start" in the settings in Immunet's GUI during installation of Honeyview, then everything is OK, so it's not such a big problem.

 

But as for your website, it should indeed be maintained more frequently, because it is the official page of your product, Immunet. For example, if someone has no way to send you a file (whether a malicious file or a false positive report) through your website, he may get upset and lose interest in your product, because not everyone is willing to register an account to report things. And it's not a good thing to let ritchie58 spend so much time reporting everyone's questions to the Immunet team; that's too tiring.

 

Anyway, thanks for taking a look at this problem!


Thanks for the honorable mention loskamita, much appreciated! I do try to help out as much as I can my friend but sometimes I don't have all the answers for fellow users. That's where the expert advice, like from Jose and other Admins, comes in handy!

 

Best wishes, Ritchie...


The file has been fixed. Note: If it was recently detected/quarantined you will need to clear the Immunet cache, as it checks that first before getting a disposition from the cloud. To clear the cache, use the commands above to stop the agent, then delete the 3 cache.db files in the Immunet folder under Program Files. Restart it and you should be good to install.

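The stop / clear cache / restart sequence from the two staff replies above, written as a PowerShell script. This is an added example, not part of the original thread and not Immunet's own tooling. The `try`/`finally` guarantees the agent is started again even if a step fails. The service name `immunetprotect` comes from the thread; the install directory and the `*cache.db` file pattern are assumptions to confirm on your own machine.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumptions: $ImmunetDir and $CachePattern are guesses at where the
# "3 cache.db files" mentioned in the thread live; verify before use.
param(
    [string]$ImmunetDir   = (Join-Path $env:ProgramFiles 'Immunet'),  # assumed location
    [string]$CachePattern = '*cache.db',                              # assumed name pattern
    [switch]$ClearCache
)

$ErrorActionPreference = 'Stop'
$svc = 'immunetprotect'   # service name as given in the thread

Stop-Service -Name $svc
try {
    (Get-Service -Name $svc).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))

    if ($ClearCache) {
        $files = @(Get-ChildItem -Path $ImmunetDir -Filter $CachePattern -File -Recurse)
        if ($files.Count -ne 3) {
            # The thread says there are three cache files; anything else deserves a look.
            Write-Warning "Expected 3 cache files, found $($files.Count)."
        }
        foreach ($f in $files) {
            Write-Host "Removing $($f.FullName)"
            Remove-Item -LiteralPath $f.FullName -Force
        }
    }
    else {
        # Keep the unprotected window as short as possible.
        Read-Host 'Agent stopped. Run the installer, then press Enter to restore protection'
    }
}
finally {
    # Runs on success, on error, and on Ctrl+C, so protection is not left off.
    Start-Service -Name $svc
    Get-Service -Name $svc | Select-Object Name, Status
}
```

Run it with `-ClearCache` to delete the cache files; without the switch it only pauses the agent until you press Enter.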

Archived

This topic is now archived and is closed to further replies.
