Jump to content
claudiot

Windows defender "detects" an Immunet file?

Recommended Posts

Today I found messages from Windows Defender, one every hour since midnight, stating that it found "TrojanDownloader:JS/Nemucod" in

C:\Program Files\Immunet\clamav\0.100.0.60\clamav-127ae86972fae58f8f7b35fa9bc7c513.tmp\clamav-b1fab55088b03613ebc238d1c93d696e.tmp\daily.ldb

... it is a false positive, isn't it?

 

Thanks

 

 

Edited by claudiot

Share this post


Link to post
Share on other sites

probably the same file that comes with ClamAV, but you can run a SHA256 against it and upload it to virus total to verify

We don't package viruses with our software, I promise :)

Share this post


Link to post
Share on other sites

Hi claudiot, please click on this link to a thread I just posted to a similar Support topic that will show you how to avoid these false positives by creating a custom exception rule with Win 10 Defender.                                                                                        
http://support.immunet.com/topic/3706-trojandownloader-jsnemucod/

  • Like 1

Share this post


Link to post
Share on other sites

Hi,

yes, of course you don't package viruses with your software, and I added an exclusion for the whole clamav directory. I can't (I'm not able to) send a sample to Virustotal, since it seems to be a temporary directory built when downloading updates, so when I check the directory seems to be already gone. And, I don't like to exclude directories in general, since it would be cute for a malware to install itself in an excluded directory... which is why I asked. Also, this is a very old issue, antimalware detecting other antimalware's files as malware, so I supposed this to be tested as routine before releasing updates. If it is a false positive, other people would have the same issue. JohnJ had  exactly the same issue, so now I'm fine :) .

Thanks

Edited by claudiot

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...