Assigned Kaspersky Marked Zemana as Malware!

This thread is being handled by a member of the staff.
Status
Not open for further replies.

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I have just received this response from Zemana answering my concerns about HitmanPro detecting it as malware and they assure me there is nothing to worry about:

"There is nothing to worry about, this is a false positive. We are aware of it and have filed a request with SurfRight. As a temporary solution, you can choose the exclude option of your HitmanPro.
We are expecting whitelisting, but in the meanwhile we would ask you to report the case as well. This may speed up the process."
It would have been better if they had filed a request for FP removal with Kaspersky, not SurfRight. :D In this way, when Kaspersky removes the FP detection, HitmanPro automatically follows suit, thus killing two birds with one stone.
HitmanPro, by itself, didn't detect Zemana software. It was the Kaspersky engine that detected it.

Anyway, if I'm not mistaken, a SurfRight dev already mentioned in the other forum that the FP detection is removed.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
In my case Kaspersky as well as Hitmanpro.Alert detected ZAM.exe as a Trojan.
Now that is too much to accept.
I let Kaspersky do its job and delete Zemana.
Perhaps someone hacked Zemana installer and infected it.
Who knows.

No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,634
I reported the false positive on the 7th of October, and got the robot answer:
Subject: Re: [VirLabSRF][VD2][Malware false positive][M:1][LN:en][L:0] [KLAN-5130933274]

Hello,

This message has been generated by an automatic message response system. The message contains details about verdicts that have been returned by Anti-Virus in response to the files (if any are included in the message) with the latest updates installed.

Zemana.AntiMalware.Portable.exe

An unknown file has been received. It will be sent to the Virus Lab.

Best Regards, Kaspersky Lab
But got no final verdict, so I reclaimed 2 days later the final verdict, and still waiting :mad: so strange because I sent samples to KL VirusDesk almost every day and I usually got such fast answers with final verdicts... but not this time! o_O
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.

For the 3rd consecutive day, I have made several tests.

One change is the result given by VoodooShield, which now reports the updater file as False Positive

sc1.jpg sc2.jpg


About Kaspersky (Total Security 2017 - 17.0.0.611 (b) - last update) :

As in my previous posts, nothing has changed :

- He let ZAM make the update

After :

- 24 s before the right click contextual menu appears
- ZAM.exe => scan : all ok, safe
- KSN => ok
- Digital Sign => ok
- Kaspersky Application Advisor : ZAM.exe => Danger: Trojan.Win32.Delf.efbx
I reported the false positive on the 7th of October, and got the robot answer:

But got no final verdict, so I reclaimed 2 days later the final verdict, and still waiting :mad: so strange because I sent samples to KL VirusDesk almost every day and I usually got such fast answers with final verdicts... but not this time! o_O
Very very strange behavior o_O
 

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,001
No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.
still detected with latest update:
update:
u.png

detection:
00.png
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
ZAM FP (Kaspersky detection) has been fixed here finally :)
Hallelujah !

Tested just after your last post :
=> all is right here, even the famous "24 s before contextual menu appears" is resolved : now, it's instant :)

(But they should modify the Kaspersky Application Advisor result :confused:, always : Danger: Trojan.Win32.Delf.efbx for the ZAM.exe file)

Hallelujah !
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Hallelujah !

Tested just after your last post :
=> all is right here, even the famous "24 s before contextual menu appears" is resolved : now, it's instant :)

(But they should modify the Kaspersky Application Advisor result :confused:, always : Danger: Trojan.Win32.Delf.efbx for the ZAM.exe file)

Hallelujah !
Kaspersky Application Advisor result now says zam.exe is "safe" :)
 

Der.Reisende

Level 45
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
Unfortunately, the update file is still marked malicious... It shows up in every test, even after leaving Shadow Mode in SD (please note this system is infected, but this is a fresh screenshot, will get the same on a clean system).
Can confirm @omidomi's VT detection.
2nd_opinion.JPG HMP_detail.JPG
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Unfortunately, the update file is still marked malicious... It shows up in every test, even after leaving Shadow Mode in SD (please note this system is infected, but this is a fresh screenshot, will get the same on a clean system).
Can confirm @omidomi's VT detection.
"both are of no harm, the upper one is a false positive by Kaspersky engine"
This sentence is written on one of the Hitman reports.
The "upper one" : the zam updater :)

I think that if Kaspersky ended up marking it as False Positive, it's after a lot of tests.
Other tools will certainly follow, with delay.

God save Kaspersky !
 

yigido

Microsoft & Fortinet are copy-cats of signatures. They are copying signatures from well known vendors. I know many who do this.. but I was surprised after Windows Defender detection..
Yandex is also using Kaspersky and Agnitum. This is why the detection comes..
It seems all vendors are detecting ZAM for no reason.. C'mon all vendors detect this great antimalware solution who punches your copy-cat faces..
 

Mohan Rajan

Level 2
Verified
May 7, 2016
85
No, there wasn't any kind of breach and this is only related to Kaspersky engine. Couple of months ago, Avira was detecting Zemana but that was fixed. We contacted Kaspersky and Dr.Web and this should be resolved by now. Please update your Antivirus and let me know if you still have detection.
Thanks for the update.
The file was also detected as a trojan by REGRUN of Greatis Software.
In any case I redownloaded and installed ZAL and now things are fine.
 

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,001
Microsoft & Fortinet are copy-cats of signatures. They are copying signatures from well known vendors. I know many who do this.. but I was surprised after Windows Defender detection..
Yandex is also using Kaspersky and Agnitum. This is why the detection comes..
It seems all vendors are detecting ZAM for no reason.. C'mon all vendors detect this great antimalware solution who punches your copy-cat faces..
I think when Kaspersky marked Zemana as malware (I don't know why?!) another company just copy-cat signature :D
brightly you see Eugene Kaspersky is honest, and Microsoft steals their signatures...
www.reuters.com/article/us-kaspersky-rivals-idUSKCN0QJ1CR20150814
at that time no one trusted Eugene but now all people understand he is honest...
 