XhenEd

Level 27
Verified
Trusted
Content Creator
I have just received this response from Zemana answering my concerns about HitmanPro detecting it as malware and they assure me there is nothing to worry about:

"There is nothing to worry about, this is a false positive. We are aware of it and have filed a request with SurfRight. As a temporary solution, you can choose the exclude option of your HitmanPro.
We are expecting whitelisting, but in the meanwhile we would ask you to report the case as well. This may speed up the process."
It would have been better if they had filed a request for FP removal with Kaspersky, not SurfRight. :D In this way, when Kaspersky removes the FP detection, HitmanPro automatically follows suit, thus killing two birds with one stone.
HitmanPro, by itself, didn't detect Zemana software. It was the Kaspersky engine that detected it.

Anyway, if I'm not mistaken, a SurfRight dev already mentioned in the other forum that the FP detection is removed.
 

TwinHeadedEagle

Removal Expert
Verified
Staff member
In my case Kaspersky as well as HitmanPro.Alert detected ZAM.exe as a Trojan.
Now that is too much to accept.
I let Kaspersky do its job and delete Zemana.
Perhaps someone hacked Zemana installer and infected it.
Who knows.
No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.
 

harlan4096

Level 63
Verified
Staff member
Malware Hunter
I reported the false positive this past 7th of October, and got the robot answer:
Subject: Re: [VirLabSRF][VD2][Malware false positive][M:1][LN:en][L:0] [KLAN-5130933274]

Hello,

This message has been generated by an automatic message response system. The message contains details about verdicts that have been returned by Anti-Virus in response to the files (if any are included in the message) with the latest updates installed.

Zemana.AntiMalware.Portable.exe

An unknown file has been received. It will be sent to the Virus Lab.

Best Regards, Kaspersky Lab
But I got no final verdict, so 2 days later I asked again for the final verdict, and I'm still waiting :mad: So strange, because I sent samples to KL VirusDesk almost every day and I usually got very fast answers with final verdicts... but not this time! o_O
 

DardiM

Level 26
Verified
Trusted
Malware Hunter
No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.
For the 3rd consecutive day, I have made several tests.

One change is the result given by VoodooShield, which now reports the updater file as a False Positive.


About Kaspersky (Total Security 2017 - 17.0.0.611 (b) - last update):

As in my previous posts, nothing has changed:

- It let ZAM make the update

After :

- 24 s before the right click contextual menu appears
- ZAM.exe => scan : all ok, safe
- KSN => ok
- Digital Sign => ok
- Kaspersky Application Advisor : ZAM.exe => Danger: Trojan.Win32.Delf.efbx
I reported the false positive this past 7th of October, and got the robot answer:

But I got no final verdict, so 2 days later I asked again for the final verdict, and I'm still waiting :mad: So strange, because I sent samples to KL VirusDesk almost every day and I usually got very fast answers with final verdicts... but not this time! o_O
Very very strange behavior o_O
 

omidomi

Level 67
Verified
Trusted
Malware Hunter
No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.
still detected with latest update:
update:

detection:
 

DardiM

Level 26
Verified
Trusted
Malware Hunter
ZAM FP (Kaspersky detection) has been fixed here finally :)
Hallelujah !

Tested just after your last post :
=> all is right here, even the famous "24 s before contextual menu appears" is resolved : now, it's instant :)

(But they should modify the Kaspersky Application Advisor result :confused:, always : Danger: Trojan.Win32.Delf.efbx for the ZAM.exe file)

Hallelujah !
 

DardiM

Level 26
Verified
Trusted
Malware Hunter
Hallelujah !

Tested just after your last post :
=> all is right here, even the famous "24 s before contextual menu appears" is resolved : now, it's instant :)

(But they should modify the Kaspersky Application Advisor result :confused:, always : Danger: Trojan.Win32.Delf.efbx for the ZAM.exe file)

Hallelujah !
Kaspersky Application Advisor result now says zam.exe is "safe" :)
 

Der.Reisende

Level 40
Verified
Trusted
Content Creator
Malware Hunter
Unfortunately, the update file is still marked malicious... It shows up in every test, even after leaving Shadow Mode in SD (please note this system is infected, but this is a fresh screenshot, will get the same on a clean system).
Can confirm @omidomi's VT detection.
 

DardiM

Level 26
Verified
Trusted
Malware Hunter
Unfortunately, the update file is still marked malicious... It shows up in every test, even after leaving Shadow Mode in SD (please note this system is infected, but this is a fresh screenshot, will get the same on a clean system).
Can confirm @omidomi's VT detection.
"both are of no harm, the upper one is a false positive by Kaspersky engine"
This sentence is written on one of the Hitman reports.
The "upper one" : the zam updater :)

I think that if Kaspersky ended up marking it as a False Positive, it's after a lot of tests.
Other tools will certainly follow, with delay.

God save Kaspersky !
 

yigido

Microsoft & Fortinet are copy-cats of signatures. They are copying signatures from well-known vendors. I know many who do this... but I was surprised by the Windows Defender detection...
Yandex is also using Kaspersky and Agnitum. This is why the detection comes...
It seems all vendors are detecting ZAM for no reason.. C'mon all vendors detect this great antimalware solution who punches your copy-cat faces..
 
No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.
Thanks for the update.
The file was also detected as a trojan by REGRUN of Greatis Software.
In any case I redownloaded and installed ZAL and now things are fine.
 

omidomi

Level 67
Verified
Trusted
Malware Hunter
Microsoft & Fortinet are copy-cats of signatures. They are copying signatures from well-known vendors. I know many who do this... but I was surprised by the Windows Defender detection...
Yandex is also using Kaspersky and Agnitum. This is why the detection comes...
It seems all vendors are detecting ZAM for no reason.. C'mon all vendors detect this great antimalware solution who punches your copy-cat faces..
I think when Kaspersky marked Zemana as malware (I don't know why?!) another company just copy-catted the signature :D
Clearly you see Eugene Kaspersky is honest, and Microsoft steals their signatures...
www.reuters.com/article/us-kaspersky-rivals-idUSKCN0QJ1CR20150814
At that time no one trusted Eugene, but now all people understand he is honest...