Serious Discussion Problem with submitting false positives to Norton and Bitdefender.

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,251
@Andy Ful
I just received an email from Bitdefender with respect to their analysis of the files that you submitted. If you like, I can share the snapshot of the message privately or if you would like me to share it here, feel free to let me know
You can post it here.
I also got an email. Two submissions were identified as clean and one as PUA. I asked them why they think it is a PUA, when Microsoft does not think so after manual analysis. Of course, without manual analysis, several executables from Hard_Configurator would be identified as PUA or malware, because H_C is a security-oriented application that can change the Windows built-in security options (including Microsoft Defender and Windows Firewall). That is why I must send all H_C executables to Avast, Bitdefender, Microsoft, and Norton.
 
Last edited:

partha_roy

Level 3
Oct 16, 2022
105
You can post it here.
I also got an email. Two submissions were identified as clean and one as PUA. I asked them why they think it is a PUA, when Microsoft does not think so after manual analysis. Of course, without manual analysis, several executables from Hard_Configurator would be identified as PUA or malware, because H_C is a security-oriented application that can change the Windows built-in security options (including Microsoft Defender and Windows Firewall). That is why I must send all H_C executables to Avast, Bitdefender, Microsoft, and Norton.
Makes sense

This is what they wrote to me:

1688259006915.png
 

partha_roy

Level 3
Oct 16, 2022
105
In my view, there should be a new detection standard and nomenclature for apps that can potentially be used for malice but on the flipside, can be useful with the right intent; they cannot technically be PUAs, if that makes sense

Nirsoft's apps are great and there may be other software alike in terms of their effectiveness, getting flagged by AVs as PUAs but they shouldn't
 

SeriousHoax

Level 48
Verified
Top Poster
Well-known
Mar 16, 2019
3,710
In my view, there should be a new detection standard and nomenclature for apps that can potentially be used for malice but on the flipside, can be useful with the right intent; they cannot technically be PUAs, if that makes sense

Nirsoft's apps are great and there may be other software alike in terms of their effectiveness, getting flagged by AVs as PUAs but they shouldn't
Bitdefender's home products don't detect Nirsoft utilities, only Endpoint solutions do.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,251
Some Nirsoft utils should be identified as PUA because they can be used to find passwords, etc. In H_C, I use FullEventLogView to show the blocked events. It is OK to identify it as PUA in Enterprises because Administrators can allow it if necessary. I checked on VirusTotal and FullEventLogView is identified as benign by all AVs (0 detections).
I sent the newest H_C installer to VT. The result is as usual (1 false positive from VBA32). So finally, I can publish the new version (probably today).:)
 

NormanF

Level 8
Verified
Jan 11, 2018
399
And for Bitdefender, you were under the 25MB file size? Otherwise, you need to email support where they will send you a separate email link with the ability to upload the file.

You can't submit a file; submit a photo of the event in your AV along with the ATC No of the event.
 

NormanF

Level 8
Verified
Jan 11, 2018
399
Interesting!

I had two Martin Clement products blacklisted by BitDefender as malicious even though they're legitimate applications. I changed disinfect to take no action. Hopefully BitDefender support will issue an update to whitelist them.
 

partha_roy

Level 3
Oct 16, 2022
105
I had two Martin Clement products blacklisted by BitDefender as malicious even though they're legitimate applications. I changed disinfect to take no action. Hopefully BitDefender support will issue an update to whitelist them.
Unless Bitdefender is notified of the fact that they are legit, I don't think they will whitelist; I would suggest you submit them as false positives
 
  • Like
Reactions: roger_m

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top