claudiot, Posted October 13, 2018

Today I found messages from Windows Defender, one every hour since midnight, stating that it found "TrojanDownloader:JS/Nemucod" in

C:\Program Files\Immunet\clamav\0.100.0.60\clamav-127ae86972fae58f8f7b35fa9bc7c513.tmp\clamav-b1fab55088b03613ebc238d1c93d696e.tmp\daily.ldb

... it is a false positive, isn't it?

Thanks

Guest Wookiee, Posted October 13, 2018

Probably the same file that comes with ClamAV, but you can run a SHA256 against it and upload it to VirusTotal to verify.

We don't package viruses with our software, I promise.

ritchie58, Posted October 14, 2018

Hi claudiot, please click on this link to a thread I just posted to a similar Support topic that will show you how to avoid these false positives by creating a custom exception rule with Win 10 Defender.

http://support.immunet.com/topic/3706-trojandownloader-jsnemucod/

claudiot (Author), Posted October 14, 2018

Hi, yes, of course you don't package viruses with your software, and I added an exclusion for the whole clamav directory.

I can't (I'm not able to) send a sample to VirusTotal, since it seems to be a temporary directory built when downloading updates, so when I check, the directory seems to be already gone.

And I don't like to exclude directories in general, since it would be cute for a malware to install itself in an excluded directory... which is why I asked.

Also, this is a very old issue, antimalware detecting other antimalware's files as malware, so I supposed this to be tested as routine before releasing updates. If it is a false positive, other people would have the same issue. JohnJ had exactly the same issue, so now I'm fine.

Thanks

Guest Wookiee, Posted October 15, 2018

Yeah, it's a FP of Windows Defender.

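Added example, not part of the original thread or of Immunet's tooling: a PowerShell loop that takes the SHA256 Wookiee suggests even though, as claudiot describes, the update directory is temporary. It polls the Immunet ClamAV directory quoted in the first post and records the hash of any daily.ldb while it exists; the output file name, polling interval and two-hour window are assumptions.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$root     = 'C:\Program Files\Immunet\clamav'   # directory quoted in the first post
$logFile  = Join-Path $env:USERPROFILE 'daily-ldb-hashes.csv'   # assumed output file
$deadline = (Get-Date).AddHours(2)              # assumed window; alerts came hourly
$seen     = @{}                                 # SHA256 values already recorded

while ((Get-Date) -lt $deadline) {
    # daily.ldb only exists while an update is unpacked into the nested
    # clamav-*.tmp directories, so search the whole tree on every pass.
    $hits = Get-ChildItem -LiteralPath $root -Recurse -File -Filter 'daily.ldb' -ErrorAction SilentlyContinue

    foreach ($file in $hits) {
        try {
            $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
        } catch {
            # Still being written, or already deleted: retry on the next pass.
            continue
        }
        if ($seen.ContainsKey($hash)) { continue }
        $seen[$hash] = $true

        # Bytes is recorded so a hash taken from a partially written file
        # can be told apart from the hash of the complete one.
        $record = [pscustomobject]@{
            Time   = (Get-Date).ToString('s')
            Path   = $file.FullName
            Bytes  = $file.Length
            SHA256 = $hash
        }
        $record | Export-Csv -LiteralPath $logFile -Append -NoTypeInformation
        $record   # also show it in the console
    }
    Start-Sleep -Milliseconds 500
}
```

A recorded hash can be searched on VirusTotal directly, which does not require the file to still be on disk.
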
Archived
This topic is now archived and is closed to further replies.