claudiot, posted October 13, 2018 (edited)

Today I found messages from Windows Defender, one every hour since midnight, stating that it found "TrojanDownloader:JS/Nemucod" in C:\Program Files\Immunet\clamav\0.100.0.60\clamav-127ae86972fae58f8f7b35fa9bc7c513.tmp\clamav-b1fab55088b03613ebc238d1c93d696e.tmp\daily.ldb ... it is a false positive, isn't it?

Thanks

Edited October 13, 2018 by claudiot

Guest Wookiee, posted October 13, 2018

Probably the same file that comes with ClamAV, but you can run a SHA256 against it and upload it to VirusTotal to verify.

We don't package viruses with our software, I promise.

ritchie58, posted October 14, 2018

Hi claudiot, please click on this link to a thread I just posted to a similar Support topic that will show you how to avoid these false positives by creating a custom exception rule with Win 10 Defender.

http://support.immunet.com/topic/3706-trojandownloader-jsnemucod/

claudiot, posted October 14, 2018 (edited)

Hi, yes, of course you don't package viruses with your software, and I added an exclusion for the whole clamav directory.

I can't (I'm not able to) send a sample to VirusTotal, since it seems to be a temporary directory built when downloading updates, so when I check, the directory seems to be already gone.

And I don't like to exclude directories in general, since it would be cute for a malware to install itself in an excluded directory... which is why I asked.

Also, this is a very old issue, antimalware detecting other antimalware's files as malware, so I supposed this to be tested as routine before releasing updates. If it is a false positive, other people would have the same issue. JohnJ had exactly the same issue, so now I'm fine.

Thanks

Edited October 14, 2018 by claudiot

Guest Wookiee, posted October 15, 2018

Yeah, it's a FP of Windows Defender.
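
One way to get the SHA256 suggested in the thread even though the update's temporary directory is gone by the time it is checked by hand, as an added example that is not part of the original posts or Immunet's own code. It assumes the install root shown in the alert path and polls for `daily.ldb` under any `.tmp` folder; the function names are hypothetical.

```python
import hashlib
import os
import time

# Assumption: install root taken from the path in the Defender alert quoted above.
CLAMAV_ROOT = r"C:\Program Files\Immunet\clamav"


def sha256_of(path, chunk_size=1 << 20):
    """Stream a file through SHA-256; return None if it vanished or is locked."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(chunk_size), b""):
                digest.update(chunk)
    except OSError:  # covers FileNotFoundError and PermissionError
        return None
    return digest.hexdigest()


def scan_once(root, name="daily.ldb"):
    """Hash every file called `name` that currently sits below a *.tmp folder."""
    found = {}
    # os.walk silently skips folders that disappear while it is running.
    for folder, _subdirs, files in os.walk(root):
        parts = os.path.relpath(folder, root).split(os.sep)
        if not any(part.lower().endswith(".tmp") for part in parts):
            continue
        for filename in files:
            if filename.lower() == name:
                full_path = os.path.join(folder, filename)
                digest = sha256_of(full_path)
                if digest is not None:
                    found[full_path] = digest
    return found


def watch(root, seconds=3600, interval=0.5):
    """Poll until a temporary copy appears, then return {path: sha256}."""
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        hits = scan_once(root)
        if hits:
            return hits
        time.sleep(interval)
    return {}


if __name__ == "__main__":
    for file_path, file_hash in watch(CLAMAV_ROOT).items():
        print(file_hash, file_path)
```

The printed hash can be searched on VirusTotal, which only returns a result if that exact file has already been submitted by someone. A hash taken while the update is still being written will not match the finished file.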