Windows defender "detects" an Immunet file?

[claudiot 0]

Today I found messages from Windows Defender, one every hour since midnight, stating that it found "TrojanDownloader:JS/Nemucod" in

C:\Program Files\Immunet\clamav\0.100.0.60\clamav-127ae86972fae58f8f7b35fa9bc7c513.tmp\clamav-b1fab55088b03613ebc238d1c93d696e.tmp\daily.ldb

... it is a false positive, isn't it?

 

Thanks

 

 

Edited October 13, 2018 by claudiot

[Wookiee 37]

probably the same file that comes with ClamAV, but you can run a SHA256 against it and upload it to virus total to verify

We don't package viruses with our software, I promise

[ritchie58 392]

Hi claudiot, please click on this link to a thread I just posted to a similar Support topic that will show you how to avoid these false positives by creating a custom exception rule with Win 10 Defender.                                                                                        
http://support.immunet.com/topic/3706-trojandownloader-jsnemucod/

[claudiot 0]

Hi,

yes, of course you don't package viruses with your software, and I added an exclusion for the whole clamav directory. I can't (I'm not able to) send a sample to Virustotal, since it seems to be a temporary directory built when downloading updates, so when I check the directory seems to be already gone. And, I don't like to exclude directories in general, since it would be cute for a malware to install itself in an excluded directory... which is why I asked. Also, this is a very old issue, antimalware detecting other antimalware's files as malware, so I supposed this to be tested as routine before releasing updates. If it is a false positive, other people would have the same issue. JohnJ had  exactly the same issue, so now I'm fine  .

Thanks

Edited October 14, 2018 by claudiot

[Wookiee 37]

Yeah, It's a FP of Windows Defender