Advice Request PrivaZer.exe is quarantined.

Please provide comments and solutions that are helpful to the author of this topic.

Morro

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
821
Okay I do not know if this is the correct forum to report this, so if it is not then my apologies.

This afternoon at 15.52h DeepGuard from Ziggo Safe Online by F-secure (It is F-Secure Safe, just renamed for my IP Provider.) first blocked PrivaZer.exe when I tried to clean my trash bin. DeepGuard gave the reason " Supicious:W32/Malware!Online ". When I scanned PrivaZer Manually with Ziggo Safe Online, it was shown as safe. So I reported it to F-Secure as a False Positive and send a Copy of the file with it as well as was requested by F-Secure. (Waiting for an email with the results of their investigation of the file.)

Then later at 17.32h Ziggo Safe Online suddenly reported a danger, and it quarantined PrivaZer.exe, and for this reason...

dYW92c7.jpg


After the restart I scanned my PC, and it is clean according to Ziggo Safe Online. But this is a very weird thing, since I have been using PrivaZer for a few years now, and I installed Ziggo Safe Online from F-Secure on May the second. So why did this not pop up sooner? Until I get an answer back from F-Secure I can not be fully certain that it is an FP but still this is a weird thing that happened?
 
  • Like
  • Wow
Reactions: DDE_Server, Nevi, upnorth and 6 others
Solution
Morro
I like how fast F-Secure solved this. :D

Greetings,

Thank you for your submission.

Our analysis has found that the file you submitted is clean.

We have identified the issue as a False Positive, which will be resolved automatically via F-Secure's Security Cloud.




For environments where applications change or get often updated, Deepguard may keep on detecting a new version of the application as 'rare' or 'suspicious'.



For these cases we'd appreciate if you could submit additional samples that are still detected in response to this email (inside a password-protected zip). This is so that the offending detection that caused the false positive can be fixed.





Alternatively, you may want to configure a...
Sort by date Sort by votes
Morro

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
821
I like how fast F-Secure solved this. :D

Greetings,

Thank you for your submission.

Our analysis has found that the file you submitted is clean.

We have identified the issue as a False Positive, which will be resolved automatically via F-Secure's Security Cloud.




For environments where applications change or get often updated, Deepguard may keep on detecting a new version of the application as 'rare' or 'suspicious'.



For these cases we'd appreciate if you could submit additional samples that are still detected in response to this email (inside a password-protected zip). This is so that the offending detection that caused the false positive can be fixed.





Alternatively, you may want to configure a temporary Exclusion inside your F-Secure product while the issue is investigated:

So Upnorth mentioning code can change was right on target alright. Why do I sound surprised about, considering what he does here. :) (Sorry Upnorth if it sounds like that.)

And now PrivaZer works again, I also made an exclusion for PrivaZer as F-Secure mentioned. (Just to be safe for future updates.)
 
  • Applause
  • Like
Reactions: Venustus, show-Zi, plat and 3 others
Upvote 2 Downvote
Solution
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Well, what is your version number? Is it the latest one? PrivaZer just updated on the 29th of May, so the version is 4.0.24. It's not a common software, not like CCleaner, so perhaps it hasn't been universally whitelisted yet. Does the antivirus have a behavior blocker?

HitmanPro doesn't tag it via C:/ProgramFiles (x86), nor does Defender. If The_PrivaZer_Team knows about it via the PrivaZer thread, maybe he can contact directly.

jottiprivazer.PNG

:cool:
 
  • Like
  • Thanks
Reactions: Nevi, ZeePriest, roger_m and 4 others
Upvote 0 Downvote
Morro

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
821
plat1098 said:
Well, what is your version number? Is it the latest one? PrivaZer just updated on the 29th of May, so the version is 4.0.24. It's not a common software, not like CCleaner, so perhaps it hasn't been universally whitelisted yet. Does the antivirus have a behavior blocker?

HitmanPro doesn't tag it via C:/ProgramFiles (x86), nor does Defender. If The_PrivaZer_Team knows about it via the PrivaZer thread, maybe he can contact directly.

View attachment 258584

:cool:
Click to expand...

I was indeed using the latest version 4.024, and like with F-Secure it contains DeepGuard. This is but a small piece of information from F-Secures DeepGuard Whitepaper PDF.

~ The DeepGuard module in F-Secure’s security products is a Host-based Intrusion Prevention System (HIPS), which
performs file reputation analysis and behavioural analysis. This module is responsible for the proactive, on-the-fly
monitoring and interception that serves as the final and most critical line of defence against new threats, even
those targeting previously unknown vulnerabilities. ~

There is much more to DeepGuard to explain here, sorry. You can read more about here...


When I removed PrivaZer for now they asked for a reason, and through that way I explained why I removed PrivaZer for now. Hopefully that was enough? But I will post in the PrivaZer thread as well, thank you. :)
 
Last edited:
  • Like
Reactions: Nevi, upnorth, ZeePriest and 4 others
Upvote 0 Downvote
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Use your own judgement. Are you able to rollback to a previous version of PrivaZer?

From Suspicious:W32/Malware.variant!Online Description | F-Secure Labs
The Security Cloud rating for the file indicates that it:
  • Has code similar to known harmful programs,
  • Or has code for performing harmful actions.
Click to expand...

From F-Secure User Guides
Sometimes DeepGuard may block a safe application from running, even if you want to use the application and know it to be safe. This happens because the application tries to make system changes that might be potentially harmful.
Click to expand...

From F-Secure User Guides
DeepGuard monitors applications to detect potentially harmful changes to the system.

Potentially harmful system changes that DeepGuard detects include:
  • system setting (Windows registry) changes,
  • attempts to turn off important system programs, for example, security programs like this product, and
  • attempts to edit important system files.
Click to expand...

Reports for both files.
 
  • Like
  • Thanks
Reactions: upnorth, ZeePriest, show-Zi and 4 others
Upvote 0 Downvote
Morro

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
821
Spawn said:
Use your own judgement. Are you able to rollback to a previous version of PrivaZer?

From Suspicious:W32/Malware.variant!Online Description | F-Secure Labs


From F-Secure User Guides


From F-Secure User Guides


Reports for both files.
Click to expand...

Every time I download the PrivaZer install file it downloads and installs version 4.0.24, and every time I try to install PrivaZer it gets seen as a threat and is quarantined immediately. As for the VirusTotal results, I had a feeling that would be the result. I hope that F-Secure soon notices that it is indeed an FP as I thought... maybe together with the team behind PrivaZer itself.
 
  • Like
  • +Reputation
  • Applause
Reactions: Nevi, ZeePriest, show-Zi and 2 others
Upvote 0 Downvote
Morro

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
821
SeriousHoax said:
Have you submitted it here? Also choose the option, "I want to give more details....." fill in all the required info, and in the description section include the download source of PrivaZer and the detection name.
www.f-secure.com

Submit a sample | F‑Secure

www.f-secure.com www.f-secure.com
Click to expand...

I have submitted it here...

www.f-secure.com

Trojan:W32/Generic!Online | F-Secure Labs

Technical details and removal instructions for programs and files detected by F-Secure products.
www.f-secure.com

By using the tab next to the automatic action tab, and I got a confirmation email.
 
  • Like
  • Applause
Reactions: Venustus, Nevi, upnorth and 4 others
Upvote 0 Downvote
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Morro said:
I have been using PrivaZer for a few years now, and I installed Ziggo Safe Online from F-Secure on May the second. So why did this not pop up sooner? Until I get an answer back from F-Secure I can not be fully certain that it is an FP but still this is a weird thing that happened?
Click to expand...
Smart move submit the file directly to F-Secure. F-Secure can and will make a better assessment now.

If something similar happened, I would also hesitate use any normal " old " software that never been flagged before. Weird, yes and no I would say. With certain code changes ( updates ) or how the software is packed etc, it's very possible. But better Safe then Sorry, so submit that file even to one extra major AV vendor wouldn't hurt.
 
  • Like
  • +Reputation
  • Applause
Reactions: scot, show-Zi, plat and 7 others
Upvote 0 Downvote
Stopspying

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
I clicked on the update button in the top right-hand corner of the Privazer GUI to download this update, I could see that I was downloading a file by watching the internet connection activity, but I was getting no confirmation dialogue for a download in FF. I have FF set so as I choose where to download files rather than end up with a big collection of assorted files in the 'Download' folder. I tried again, the same things happened. I tried a search for PrivaZer.exe/PrivaZer_free.exe in Everything ( I find this much quicker than Windows own search), nothing showed up.

A bit later on I switched on a second monitor for the same PC, in the top left-hand corner of it was a stack of dialogue boxes asking where I wanted to save PrivaZer_free.exe 🙄

Just thought I'd mention this quite basic mistake, in case anyone reading this has had a bad day and wants a laugh. 😕🤣
 
  • HaHa
  • Like
Reactions: roger_m, Venustus, upnorth and 3 others
Upvote 0 Downvote

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review F-Secure TOTAL 2024
Replies
30
Views
2,564
Video Reviews - Security and Privacy
Shadowra
Shadowra
Brownie2019
    • Like
Unlimited Giveaway F-Secure Internet Security 3 months for free
Replies
2
Views
506
Giveaways, Promotions and Contests
BigWrench
BigWrench
blackice
    • Like
    • Applause
  • Poll
Poll How many MT members are still using F-Secure? Are you still liking it?
Replies
46
Views
2,531
F-Secure
Digmoons
D

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top