Serious Discussion Problem with submitting false positives to Norton and Bitdefender.

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
partha_roy said:
@Andy Ful
I just received an email from Bitdefender with respect to their analysis of the files that you submitted. If you like, I can share the snapshot of the message privately or if you would like me to share it here, feel free to let me know
Click to expand...
You can post it here.
I also got an email. Two submissions were identified as clean and one as PUA. I asked them why they think it is a PUA, when Microsoft does not think so after manual analysis. Of course, without manual analysis, several executables from Hard_Configurator would be identified as PUA or malware, because H_C is a security-oriented application that can change the Windows built-in security options (including Microsoft Defender and Windows Firewall). That is why I must send all H_C executables to Avast, Bitdefender, Microsoft, and Norton.
 
Last edited:
  • Like
  • Applause
Reactions: SeriousHoax, Trident, piquiteco and 2 others
partha_roy

partha_roy

Level 3
Well-known
Oct 16, 2022
110
Andy Ful said:
You can post it here.
I also got an email. Two submissions were identified as clean and one as PUA. I asked them why they think it is a PUA, when Microsoft does not think so after manual analysis. Of course, without manual analysis, several executables from Hard_Configurator would be identified as PUA or malware, because H_C is a security-oriented application that can change the Windows built-in security options (including Microsoft Defender and Windows Firewall). That is why I must send all H_C executables to Avast, Bitdefender, Microsoft, and Norton.
Click to expand...
Makes sense

This is what they wrote to me:

1688259006915.png
 
  • Like
Reactions: Andy Ful, SeriousHoax, Trident and 1 other person
partha_roy

partha_roy

Level 3
Well-known
Oct 16, 2022
110
In my view, there should be a new detection standard and nomenclature for apps that can potentially be used for malice but on the flipside, can be useful with the right intent; they cannot technically be PUAs, if that makes sense

Nirsoft's apps are great and there may be other software alike in terms of their effectiveness, getting flagged by AVs as PUAs but they shouldn't
 
  • Like
Reactions: Andy Ful, Nevi, roger_m and 1 other person
SeriousHoax

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,635
partha_roy said:
In my view, there should be a new detection standard and nomenclature for apps that can potentially be used for malice but on the flipside, can be useful with the right intent; they cannot technically be PUAs, if that makes sense

Nirsoft's apps are great and there may be other software alike in terms of their effectiveness, getting flagged by AVs as PUAs but they shouldn't
Click to expand...
Bitdefender's home products don't detect Nirsoft utilities, only Endpoint solutions do.
 
  • Like
  • +Reputation
Reactions: Andy Ful, Nevi, likeastar20 and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
Some Nirsoft utils should be identified as PUA because they can be used to find passwords, etc. In H_C, I use FullEventLogView to show the blocked events. It is OK to identify it as PUA in Enterprises because Administrators can allow it if necessary. I checked on VirusTotal and FullEventLogView is identified as benign by all AVs (0 detections).
I sent the newest H_C installer to VT. The result is as usual (1 false positive from VBA32). So finally, I can publish the new version (probably today).:)
 
  • Like
  • +Reputation
  • Applause
Reactions: roger_m, simmerskool, SeriousHoax and 2 others
N

NormanF

Level 8
Verified
Jan 11, 2018
355
Jonny Quest said:
And for Bitdefender, you were under the 25MB file size? Otherwise, you need to email support where they will send you a separate email link with the ability to upload the file.
Click to expand...

You can't submit a file; submit a photo of the event in your AV along with the ATC No of the event.
 
N

NormanF

Level 8
Verified
Jan 11, 2018
355
partha_roy said:
Interesting!
Click to expand...

I had two Martin Clement products blacklisted by BitDefender as malicious even though they're legitimate applications. I changed disinfect to take no action. Hopefully BitDefender support will issue an update to whitelist them.
 
partha_roy

partha_roy

Level 3
Well-known
Oct 16, 2022
110
NormanF said:
I had two Martin Clement products blacklisted by BitDefender as malicious even though they're legitimate applications. I changed disinfect to take no action. Hopefully BitDefender support will issue an update to whitelist them.
Click to expand...
Unless Bitdefender is notified of the fact that they are legit, I don't think they will whitelist; I would suggest you submit them as false positives
 
  • Like
Reactions: roger_m

Similar threads

Jonny Quest
    • Like
New Update Bitdefender Email Protection
Replies
2
Views
575
Bitdefender
Jonny Quest
Jonny Quest
H
    • Like
Battle Email Protection - Bitdefender Total Security vs Norton 360 Deluxe. Which is superior?
Replies
30
Views
2,208
Software Comparison
HarborFront
H
Jonny Quest
    • Like
    • +Reputation
Bitdefender extends support to ARM-based Windows computers
Replies
0
Views
648
Bitdefender
Jonny Quest
Jonny Quest

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top