Serious Discussion Problem with submitting false positives to Norton and Bitdefender.

@Andy Ful
I just received an email from Bitdefender with respect to their analysis of the files that you submitted. If you like, I can share the snapshot of the message privately, or if you would like me to share it here, feel free to let me know.
You can post it here.
I also got an email. Two submissions were identified as clean and one as PUA. I asked them why they think it is a PUA, when Microsoft does not think so after manual analysis. Of course, without manual analysis, several executables from Hard_Configurator would be identified as PUA or malware, because H_C is a security-oriented application that can change the Windows built-in security options (including Microsoft Defender and Windows Firewall). That is why I must send all H_C executables to Avast, Bitdefender, Microsoft, and Norton.
 
Makes sense

This is what they wrote to me:

[Attached image: 1688259006915.png]
 
In my view, there should be a new detection standard and nomenclature for apps that can potentially be used for malice but, on the flip side, can be useful with the right intent; they cannot technically be PUAs, if that makes sense.

Nirsoft's apps are great and there may be other software alike in terms of their effectiveness, getting flagged by AVs as PUAs, but they shouldn't.
 
Bitdefender's home products don't detect Nirsoft utilities, only Endpoint solutions do.
 
Some Nirsoft utils should be identified as PUA because they can be used to find passwords, etc. In H_C, I use FullEventLogView to show the blocked events. It is OK to identify it as PUA in Enterprises because Administrators can allow it if necessary. I checked on VirusTotal and FullEventLogView is identified as benign by all AVs (0 detections).
I sent the newest H_C installer to VT. The result is as usual (1 false positive from VBA32). So finally, I can publish the new version (probably today). :)
 
And for Bitdefender, you were under the 25MB file size? Otherwise, you need to email support where they will send you a separate email link with the ability to upload the file.

You can't submit a file; submit a photo of the event in your AV along with the ATC No of the event.
 
I had two Martin Clement products blacklisted by BitDefender as malicious even though they're legitimate applications. I changed disinfect to take no action. Hopefully BitDefender support will issue an update to whitelist them.
Unless Bitdefender is notified of the fact that they are legit, I don't think they will whitelist; I would suggest you submit them as false positives.
 