Assigned Kaspersky Marked Zemana as Malware!

[XhenEd]

I have just received this response from Zemana answering my concerns about HitmanPro detecting it as malware and they assure me there is nothing to worry about:

"There is nothing to worry about, this is a false positive. We are aware of it and have filed a request with SurfRight. As a temporary solution, you can choose the exclude option of your HitmanPro.
We are expecting whitelisting, but in the meanwhile we would ask you to report the case as well. This may speed up the process."

It could have been better if they filed a request of FP removal with Kaspersky, not Surfright. In this way, when Kaspersky removes the FP detection, HitmanPro automatically follows suit, thus killing two birds with one stone.
HitmanPro, by itself, didn't detect Zemana software. It was the Kaspersky engine that detects it.

Anyway, if I'm not mistaken, a Surfright dev already mentioned in the other forum that the FP detection is removed.

 

[TwinHeadedEagle]

In my case Kaspersky as well as Hitmanpro.Alert detected ZAM.exe as a Trojan.
Now that is too much to accept.\
I let kaspersky do its job and delete zemana.
Perhaps someone hacked Zemana installer and infected it.
Who knows.

No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.

 

[XhenEd]

If Kaspersky and Dr. Web reacted to remove the FP only when they're already approached by Zemana team, shame on them!

A couple of users already, including @harlan4096 , reported this FP, but they didn't even care to respond, at least to harlan's request.

 

[harlan4096]

I reported the false positive the past 7th of October, and get the robot answer:

Subject: Re: [VirLabSRF][VD2][Malware false positive][M:1][LN:en][L:0] [KLAN-5130933274]

Hello,

This message has been generated by an automatic message response system. The message contains details about verdicts that have been returned by Anti-Virus in response to the files (if any are included in the message) with the latest updates installed.

Zemana.AntiMalware.Portable.exe

An unknown file has been received. It will be sent to the Virus Lab.

Best Regards, Kaspersky Lab

But got no final verdict, so I reclaimed 2 days later the final verdict, and still waiting so strange because I sent samples to KL VirusDesk almost everyday and I usually got so fast answers with final verdicts... but not this time!

 

[DardiM]

No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.

For the 3rd day consecutive, I have made several tests.

One change is the results given by VoodooShield, that now reports the updater file as False Positive




About Kaspersky (Total Secutity 2017 - 17.0.0.611 (b) - last update) :

As in my previous posts, nothing has changed :

- He let ZAM make the update

After :

- 24 s before the right click contextual menu appears
- ZAM.exe => scan : all ok, safe
- KSN => ok
- Digital Sign => ok
- Kaspersky Application Advisor : ZAM.exe => Danger: Trojan.Win32.Delf.efbx
​

I reported the false positive the past 7th of October, and get the robot answer:

But got no final verdict, so I reclaimed 2 days later the final verdict, and still waiting so strange because I sent samples to KL VirusDesk almost everyday and I usually got so fast answers with final verdicts... but not this time!

Very very strange behavior

 

[omidomi]

No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.

still detected with latest update:
update:

detection:

 

[Ana_Filiz]

Total Kafka!

 

[harlan4096]

ZAM FP (Kaspersky detection) has been fixed here finally

 

[DardiM]

ZAM FP (Kaspersky detection) has been fixed here finally

Hallelujah !

Tested just after your last post :
=> all is right here, even the famous "24 s before contextual menu appears" is resolved : now, it's instant

(But they should modify the Kaspersky Application Advisor result , always : Danger: Trojan.Win32.Delf.efbx for the ZAM.exe file)

Hallelujah !

 

[aragornnnn]

Yep works fine here to finally haha

 

[DardiM]

Hallelujah !

Tested just after your last post :
=> all is right here, even the famous "24 s before contextual menu appears" is resolved : now, it's instant

(But they should modify the Kaspersky Application Advisor result , always : Danger: Trojan.Win32.Delf.efbx for the ZAM.exe file)

Hallelujah !

Kaspersky Application Advisor result now says zam.exe is "safe"

 

[omidomi]

Ha ha ha now Yandex and fortinet mark Zemana as malware:

 

[Der.Reisende]

Unfortunately, the update file is still marked malicious... It shows up in every test, even after leaving Shadow Mode in SD (please note this system is infected, but this is a fresh screenshot, will get the same on a clean system).
Can confirm @omidomi's VT detection.

Spoiler: ZAM Update File Screenshot

 

[DardiM]

Unfortunately, the update file is still marked malicious... It shows up in every test, even after leaving Shadow Mode in SD (please note this system is infected, but this is a fresh screenshot, will get the same on a clean system).
Can confirm @omidomi's VT detection.

Spoiler: ZAM Update File Screenshot

View attachment 118027 View attachment 118028

"both are of no harm, the upper one is a false positive by Kaspersky engine"
This sentence is written on one of the Hitman reports.
The "upper one" : the zam updater

If think that if Kaspersky ended to mark it as False Positive, it's after a lot of test.
Other tools will certainly follows, with delay.

God save Kaspersky !

 

[yigido]

Microsoft & Fortinet are copy-cats of signatures. They are copying signatures form well known vendors. I know many who do this..but I surprised after Windows Defender detection..
Yandex, is also using Kaspersky and Agnitum. This is why the detection come..
It seems all vendors are detecting ZAM for no reason.. C'mon all vendors detect this great antimalware solution who punches your copy-cat faces..

 

[Mohan Rajan]

No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.

Thanks for the update.
the file was also detected as trojan by REGRUN of Greatis Software.
In any case I redownloaded and installed ZAL and now things are fine.

 

[omidomi]

Microsoft & Fortinet are copy-cats of signatures. They are copying signatures form well known vendors. I know many who do this..but I surprised after Windows Defender detection..
Yandex, is also using Kaspersky and Agnitum. This is why the detection come..
It seems all vendors are detecting ZAM for no reason.. C'mon all vendors detect this great antimalware solution who punches your copy-cat faces..

I think when Kaspersky marked Zemana as malware (I do't know why?!) another company just copy-cat signature
brightly you see Eugene Kaspersky is honest, and MicroSoft steal their signatures...
www.reuters.com/article/us-kaspersky-rivals-idUSKCN0QJ1CR20150814
at that time no one Trust Eugene but now all people understand he is honest...

 

[TwinHeadedEagle]

We've got report that McAfee flagged Zemana too, so it is very clear that they copy signatures without checking.

 

[omidomi]

We've got report that McAfee flagged Zemana too, so it is very clear that they copy signatures without checking.

Ha Ha Ha come on McAfee
we will understand which company copy signature from another company
Good job Kasperky and Dr.Web

 

[jamescv7]

Kaspersky's response is something not the fastest to resolve FP and sometimes reporting once could not guarantee the case is closed.

Now we know how bandwagon detection occur without any verification.