Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,591
Problem with submitting false positives to Norton and Bitdefender.
- Thread starter Andy Ful
- Start date
- Oct 16, 2022
- 128
@Andy Ful
I just received an email from Bitdefender with respect to their analysis of the files that you submitted. If you like, I can share the snapshot of the message privately or if you would like me to share it here, feel free to let me know
I just received an email from Bitdefender with respect to their analysis of the files that you submitted. If you like, I can share the snapshot of the message privately or if you would like me to share it here, feel free to let me know
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,591
You can post it here.
I also got an email. Two submissions were identified as clean and one as PUA. I asked them why they think it is a PUA, when Microsoft does not think so after manual analysis. Of course, without manual analysis, several executables from Hard_Configurator would be identified as PUA or malware, because H_C is a security-oriented application that can change the Windows built-in security options (including Microsoft Defender and Windows Firewall). That is why I must send all H_C executables to Avast, Bitdefender, Microsoft, and Norton.
Last edited:
- Oct 16, 2022
- 128
- Jan 27, 2018
- 1,431
This is a Nirsoft program, their programs have been flagged by various AV's for years.
- Oct 16, 2022
- 128
In my view, there should be a new detection standard and nomenclature for apps that can potentially be used for malice but on the flipside, can be useful with the right intent; they cannot technically be PUAs, if that makes sense
Nirsoft's apps are great and there may be other software alike in terms of their effectiveness, getting flagged by AVs as PUAs but they shouldn't
Nirsoft's apps are great and there may be other software alike in terms of their effectiveness, getting flagged by AVs as PUAs but they shouldn't
- Mar 16, 2019
- 3,867
Bitdefender's home products don't detect Nirsoft utilities, only Endpoint solutions do.
- Oct 16, 2022
- 128
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,591
Some Nirsoft utils should be identified as PUA because they can be used to find passwords, etc. In H_C, I use FullEventLogView to show the blocked events. It is OK to identify it as PUA in Enterprises because Administrators can allow it if necessary. I checked on VirusTotal and FullEventLogView is identified as benign by all AVs (0 detections).
I sent the newest H_C installer to VT. The result is as usual (1 false positive from VBA32). So finally, I can publish the new version (probably today).
I sent the newest H_C installer to VT. The result is as usual (1 false positive from VBA32). So finally, I can publish the new version (probably today).
You can't submit a file; submit a photo of the event in your AV along with the ATC No of the event.
I had two Martin Clement products blacklisted by BitDefender as malicious even though they're legitimate applications. I changed disinfect to take no action. Hopefully BitDefender support will issue an update to whitelist them.
- Oct 16, 2022
- 128
Unless Bitdefender is notified of the fact that they are legit, I don't think they will whitelist; I would suggest you submit them as false positives
Similar threads
