claudiot Posted October 13, 2018 Report Share Posted October 13, 2018 (edited) Today I found messages from Windows Defender, one every hour since midnight, stating that it found "TrojanDownloader:JS/Nemucod" in C:\Program Files\Immunet\clamav\0.100.0.60\clamav-127ae86972fae58f8f7b35fa9bc7c513.tmp\clamav-b1fab55088b03613ebc238d1c93d696e.tmp\daily.ldb ... it is a false positive, isn't it? Thanks Edited October 13, 2018 by claudiot Link to comment Share on other sites More sharing options...
Guest Wookiee Posted October 13, 2018 Report Share Posted October 13, 2018 probably the same file that comes with ClamAV, but you can run a SHA256 against it and upload it to virus total to verify We don't package viruses with our software, I promise Link to comment Share on other sites More sharing options...
ritchie58 Posted October 14, 2018 Report Share Posted October 14, 2018 Hi claudiot, please click on this link to a thread I just posted to a similar Support topic that will show you how to avoid these false positives by creating a custom exception rule with Win 10 Defender. http://support.immunet.com/topic/3706-trojandownloader-jsnemucod/ 1 Link to comment Share on other sites More sharing options...
claudiot Posted October 14, 2018 Author Report Share Posted October 14, 2018 (edited) Hi, yes, of course you don't package viruses with your software, and I added an exclusion for the whole clamav directory. I can't (I'm not able to) send a sample to Virustotal, since it seems to be a temporary directory built when downloading updates, so when I check the directory seems to be already gone. And, I don't like to exclude directories in general, since it would be cute for a malware to install itself in an excluded directory... which is why I asked. Also, this is a very old issue, antimalware detecting other antimalware's files as malware, so I supposed this to be tested as routine before releasing updates. If it is a false positive, other people would have the same issue. JohnJ had exactly the same issue, so now I'm fine . Thanks Edited October 14, 2018 by claudiot Link to comment Share on other sites More sharing options...
Guest Wookiee Posted October 15, 2018 Report Share Posted October 15, 2018 Yeah, It's a FP of Windows Defender Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now