Jump to content
johnm

False Positive W32.spero.generic-091 For Serenjisentry.exe

Recommended Posts

This morning my 2.0.14.139 ClamAV-branded installation of Immunet Protect quarantined a file named SerenjiSentry.exe. I am absolutely sure this is a false positive, since I am Senior Product Engineer at the company where this file originates. Serenji is a product of George James Software (www.georgejames.com).

 

It must be a new detection, since the exe has been present and running on my PC since long before I installed Immunet Protect.

 

Please correct this.

 

Thank you.

 

John Murray

  • Like 2

Share this post


Link to post
Share on other sites
Guest Orlando

This morning my 2.0.14.139 ClamAV-branded installation of Immunet Protect quarantined a file named SerenjiSentry.exe. I am absolutely sure this is a false positive, since I am Senior Product Engineer at the company where this file originates. Serenji is a product of George James Software (www.georgejames.com).

 

It must be a new detection, since the exe has been present and running on my PC since long before I installed Immunet Protect.

 

Please correct this.

 

Thank you.

 

John Murray

 

There are several ways to report a FP.

 

The quickest way is this:

Go to this page http://www.immunet.com/contact/index.html go down and choose: "report false positives" and finally send the file.

 

Other methods (most uncomfortable for both, but useful in case one goes down):

1 - Post the file here if it is not too large;

2 - Send it to support@immunet.com with a brief explanation.

 

Thanks for the support,

Orlando

Share this post


Link to post
Share on other sites
Guest Jean-Claude Bilodeau

Scans here seems to detect a lot of viruses, they are all quarantined but I'm wondering if it's not a false alert ?

 

W32.spero.generic-091

W32.spero.startpage 0907

 

Can anyone advise if these are false positives ?

 

Thanks

Share this post


Link to post
Share on other sites

Scans here seems to detect a lot of viruses, they are all quarantined but I'm wondering if it's not a false alert ?

 

W32.spero.generic-091

W32.spero.startpage 0907

 

Can anyone advise if these are false positives ?

 

Thanks

 

 

Hi,

 

The detection names themselves are not really enough to help us define if the detections you received are false positives or not. You can post the files, or you can send a support snapshot (http://support.immunet.com/tiki-read_article.php?articleId=10) to support@immunet.com and we can diagnose it there.

 

Regards,

al

Share this post


Link to post
Share on other sites
Guest Don B

I have a screen saver that I created myself and has been running on one of my computers for a couple of years. This morning Immunet flagged it as a virus it called W32.SPERO.VAC.0915

 

The screen saver file would be quite large to upload here, it's 129 meg. The file was created using Ifanview from jpg pictures of flowers I took.

 

Don

Share this post


Link to post
Share on other sites
Guest Orlando

I have a screen saver that I created myself and has been running on one of my computers for a couple of years. This morning Immunet flagged it as a virus it called W32.SPERO.VAC.0915

 

The screen saver file would be quite large to upload here, it's 129 meg. The file was created using Ifanview from jpg pictures of flowers I took.

 

Don

 

As I have said the procedure is as follows:

 

There are several ways to report a FP.

 

The quickest way is this:

Go to this page http://www.immunet.c...tact/index.html go down and choose: "report false positives" and finally send the file.

 

Other methods (most uncomfortable for both, but useful in case one goes down):

1 - Post the file here if it is not too large;

2 - Send it to support@immunet.com with a brief explanation.

 

Knowing the name recognition does not help us to identify the FP.

 

Orlando

Share this post


Link to post
Share on other sites

I have a screen saver that I created myself and has been running on one of my computers for a couple of years. This morning Immunet flagged it as a virus it called W32.SPERO.VAC.0915

 

The screen saver file would be quite large to upload here, it's 129 meg. The file was created using Ifanview from jpg pictures of flowers I took.

 

Don

 

 

Don,

 

We can fix this without you needing to send all 129 megs to us. If you download a fingerprint tool called md5deep 3.6 and run one of it's binaries on your screen saver for us. You can grab this tool at:

 

http://sourceforge.net/projects/md5deep/files/md5deep/md5deep-3.6/md5deep-3.6.zip/download

 

This will give you a zip file with a series of hashtools in it. You want to run sha256deep.exe against your binary. It will spit out s sha56 checksum to you. If you can post that checksum here I can whitelist your app.

 

Best,

alfred

Share this post


Link to post
Share on other sites

Don,

 

We can fix this without you needing to send all 129 megs to us. If you download a fingerprint tool called md5deep 3.6 and run one of it's binaries on your screen saver for us. You can grab this tool at:

 

http://sourceforge.net/projects/md5deep/files/md5deep/md5deep-3.6/md5deep-3.6.zip/download

 

This will give you a zip file with a series of hashtools in it. You want to run sha256deep.exe against your binary. It will spit out s sha56 checksum to you. If you can post that checksum here I can whitelist your app.

 

Best,

alfred

 

Hope you don't mind Alfred I want to make a suggestion for checksum files in Windows or Mac ... HashTab 3.0 it's free and a good one.

Share this post


Link to post
Share on other sites

I think I submitted another program labeled as the same threat mentioned here... But the false positive form goes to a Page Not Found message. Same for the other contact form I tried. So I'm not sure if you got the file I zipped and sent (TedNPad), and am attaching it here. I've used that Notepad alternative for years and have never had any problem with it.

 

TedNPad.zip

Share this post


Link to post
Share on other sites

I think I submitted another program labeled as the same threat mentioned here... But the false positive form goes to a Page Not Found message. Same for the other contact form I tried. So I'm not sure if you got the file I zipped and sent (TedNPad), and am attaching it here. I've used that Notepad alternative for years and have never had any problem with it.

 

TedNPad.zip

The TedNPad.zip False Positive has been fixed.

Share this post


Link to post
Share on other sites

There are several ways to report a FP.

 

The quickest way is this:

Go to this page http://www.immunet.c...tact/index.html go down and choose: "report false positives" and finally send the file.

...

 

I submitted an .exe file and your page says: 5square.gifThe media file type you uploaded was not recognized. Please try again.

This file been scanned by virustotal.com - all good.

Edited by DimitriAus

Share this post


Link to post
Share on other sites

Hi DimitriAus, I too just tried to submit a FP several times using the Contact Us page and also got an error message. This is something Support definetly needs to look into!

 

However, when the site is working correctly it is important to archive the file in question as a zip file for submission.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...