False Positive W32.spero.generic-091 For Serenjisentry.exe

[johnm]

This morning my 2.0.14.139 ClamAV-branded installation of Immunet Protect quarantined a file named SerenjiSentry.exe. I am absolutely sure this is a false positive, since I am Senior Product Engineer at the company where this file originates. Serenji is a product of George James Software (www.georgejames.com).

 

It must be a new detection, since the exe has been present and running on my PC since long before I installed Immunet Protect.

 

Please correct this.

 

Thank you.

 

John Murray

[Guest Orlando]

This morning my 2.0.14.139 ClamAV-branded installation of Immunet Protect quarantined a file named SerenjiSentry.exe. I am absolutely sure this is a false positive, since I am Senior Product Engineer at the company where this file originates. Serenji is a product of George James Software (www.georgejames.com).

 

It must be a new detection, since the exe has been present and running on my PC since long before I installed Immunet Protect.

 

Please correct this.

 

Thank you.

 

John Murray

 

There are several ways to report a FP.

 

The quickest way is this:

Go to this page http://www.immunet.com/contact/index.html go down and choose: "report false positives" and finally send the file.

 

Other methods (most uncomfortable for both, but useful in case one goes down):

1 - Post the file here if it is not too large;

2 - Send it to support@immunet.com with a brief explanation.

 

Thanks for the support,

Orlando

[johnm]

Thanks. I'd meant to attach the file on my original posting, but forgot. I've submitted it along with the report via the webpage.

 

John

[millard@immunet.com]

Serenjisentry.exe has been white listed.

--Millard

[Guest Jean-Claude Bilodeau]

Scans here seems to detect a lot of viruses, they are all quarantined but I'm wondering if it's not a false alert ?

 

W32.spero.generic-091

W32.spero.startpage 0907

 

Can anyone advise if these are false positives ?

 

Thanks

[alfred]

Scans here seems to detect a lot of viruses, they are all quarantined but I'm wondering if it's not a false alert ?

 

W32.spero.generic-091

W32.spero.startpage 0907

 

Can anyone advise if these are false positives ?

 

Thanks

 

 

Hi,

 

The detection names themselves are not really enough to help us define if the detections you received are false positives or not. You can post the files, or you can send a support snapshot (http://support.immunet.com/tiki-read_article.php?articleId=10) to support@immunet.com and we can diagnose it there.

 

Regards,

al

[Guest Don B]

I have a screen saver that I created myself and has been running on one of my computers for a couple of years. This morning Immunet flagged it as a virus it called W32.SPERO.VAC.0915

 

The screen saver file would be quite large to upload here, it's 129 meg. The file was created using Ifanview from jpg pictures of flowers I took.

 

Don

[Guest Orlando]

I have a screen saver that I created myself and has been running on one of my computers for a couple of years. This morning Immunet flagged it as a virus it called W32.SPERO.VAC.0915

 

The screen saver file would be quite large to upload here, it's 129 meg. The file was created using Ifanview from jpg pictures of flowers I took.

 

Don

 

As I have said the procedure is as follows:

 

There are several ways to report a FP.

 

The quickest way is this:

Go to this page http://www.immunet.c...tact/index.html go down and choose: "report false positives" and finally send the file.

 

Other methods (most uncomfortable for both, but useful in case one goes down):

1 - Post the file here if it is not too large;

2 - Send it to support@immunet.com with a brief explanation.

 

Knowing the name recognition does not help us to identify the FP.

 

Orlando

[alfred]

I have a screen saver that I created myself and has been running on one of my computers for a couple of years. This morning Immunet flagged it as a virus it called W32.SPERO.VAC.0915

 

The screen saver file would be quite large to upload here, it's 129 meg. The file was created using Ifanview from jpg pictures of flowers I took.

 

Don

 

 

Don,

 

We can fix this without you needing to send all 129 megs to us. If you download a fingerprint tool called md5deep 3.6 and run one of it's binaries on your screen saver for us. You can grab this tool at:

 

http://sourceforge.net/projects/md5deep/files/md5deep/md5deep-3.6/md5deep-3.6.zip/download

 

This will give you a zip file with a series of hashtools in it. You want to run sha256deep.exe against your binary. It will spit out s sha56 checksum to you. If you can post that checksum here I can whitelist your app.

 

Best,

alfred

[xarc]

Don,

 

We can fix this without you needing to send all 129 megs to us. If you download a fingerprint tool called md5deep 3.6 and run one of it's binaries on your screen saver for us. You can grab this tool at:

 

http://sourceforge.net/projects/md5deep/files/md5deep/md5deep-3.6/md5deep-3.6.zip/download

 

This will give you a zip file with a series of hashtools in it. You want to run sha256deep.exe against your binary. It will spit out s sha56 checksum to you. If you can post that checksum here I can whitelist your app.

 

Best,

alfred

 

Hope you don't mind Alfred I want to make a suggestion for checksum files in Windows or Mac ... HashTab 3.0 it's free and a good one.

[benfaust]

I think I submitted another program labeled as the same threat mentioned here... But the false positive form goes to a Page Not Found message. Same for the other contact form I tried. So I'm not sure if you got the file I zipped and sent (TedNPad), and am attaching it here. I've used that Notepad alternative for years and have never had any problem with it.

 

TedNPad.zip

[millard@immunet.com]

I think I submitted another program labeled as the same threat mentioned here... But the false positive form goes to a Page Not Found message. Same for the other contact form I tried. So I'm not sure if you got the file I zipped and sent (TedNPad), and am attaching it here. I've used that Notepad alternative for years and have never had any problem with it.

 

TedNPad.zip

The TedNPad.zip False Positive has been fixed.

[DimitriAus]

There are several ways to report a FP.

 

The quickest way is this:

Go to this page http://www.immunet.c...tact/index.html go down and choose: "report false positives" and finally send the file.

...

 

I submitted an .exe file and your page says: The media file type you uploaded was not recognized. Please try again.

This file been scanned by virustotal.com - all good.

[ritchie58]

Hi DimitriAus, I too just tried to submit a FP several times using the Contact Us page and also got an error message. This is something Support definetly needs to look into!

 

However, when the site is working correctly it is important to archive the file in question as a zip file for submission.