Assigned Zemana False Positive Report Thread

  • Thread starter Deleted Member 333v73x
  • Start date
This thread is being handled by a member of the staff.

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Hi Zemana! I have submitted a false positive (Cloudflare) on new version 3.1.200 thru the interface.

Scan is nice and fast and interface is still nice and easy to navigate from the first beta. :emoji_ok_hand:

Hey @plat1098 , could you please try to do a scan and send us a feedback with UI button

214170


214171


By making sure that you select "Attach latest scan report and error information".
If you are more comfortable you can alternatively ZIP all files here: C:\Users\<Username>\AppData\Local\Zemana\AntiMalware\reports and send them to support@zemana.com
Thank you very much :)
 
Last edited:

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
OK, JMSafe, I have performed the requested actions again for you. ZAM is currently "detecting" Cloudflare DNS and a Firefox extension, possibly Emsisoft or Trace. Thanks for looking into this.

View attachment 214187
Hi @plat1098 , thank you so much :), we will handle this.
About the detected extension could you please try to go to the path of Firefox (c:\users\plat\appdata\roaming\mozilla\firefox\profile\f3uerb8z.default-release\extensions\) and make a screenshot so I can see the entire name of the xpi file? Thank you so much :)
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Sure, here it is, hopefully this is what you needed. One obviously cannot open this file in a conventional way so here is a snip of the folder contents in question. You were correct to request a more detailed explanation, which I should have provided in the first place, sorry about that. It appears to be uBlock Origin, lol. Incorrect: by dragging the (22aed....) file into Firefox browser, this ":detection" showed up as my theme Native American Painted Woman, which is my browser decoration. Here it is: Sorry for the error. Again, the detection appears to be a theme, not an extension. @JM Safe.

zam detect ff theme.PNG


ffextxpi.PNG
 
Last edited:

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Sure, here it is, hopefully this is what you needed. One obviously cannot open this file in a conventional way so here is a snip of the folder contents in question. You were correct to request a more detailed explanation, which I should have provided in the first place, sorry about that. It appears to be uBlock Origin, lol. Incorrect: by dragging the (22aed....) file into Firefox browser, this ":detection" showed up as my theme Native American Painted Woman, which is my browser decoration. Here it is: Sorry for the error. Again, the detection appears to be a theme, not an extension. @JM Safe.

View attachment 214235

View attachment 214233
Hey Plat, we will look into the Firefox extension soon :)
 

Mops21

Level 36
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,503
Hi @@JM Safe and Hi @@Miss Onnellisuus and Hi @@ZAM3_PO

I have anotherone False Positive for you see my screenshot

The Feedback is submiited via the function to you

MD5 : 7FBE63829AE9C97D267440246AC85926
Status : Scanned
Object : c:\program files (x86)\lmir0efab001.tmp_r.bat
Publisher :
Size : 556
Detection : Suspicious:SRC!R
Action : Quarantine

LMIR0EFAB001.tmp_r.bat


With best Regards
Mops21
 

Attachments

  • Zemana Anti-Malware FPs 08.jpg
    Zemana Anti-Malware FPs 08.jpg
    120.2 KB · Views: 599

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Hi @@JM Safe and Hi @@Miss Onnellisuus and Hi @@ZAM3_PO

I have anotherone False Positive for you see my screenshot

The Feedback is submiited via the function to you

MD5 : 7FBE63829AE9C97D267440246AC85926
Status : Scanned
Object : c:\program files (x86)\lmir0efab001.tmp_r.bat
Publisher :
Size : 556
Detection : Suspicious:SRC!R
Action : Quarantine

LMIR0EFAB001.tmp_r.bat


With best Regards
Mops21
Thanks for reporting this False Positive @Mops21 :)
 
  • Like
Reactions: stefanos

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,083
Code:
Scan Information
Product Name    :  Zemana AntiMalware
Scan Status    :  Completed
Scan Date    :  5/29/2019 10:23:00 AM
Scan Type    :  Smart Scan
Scan Duration    :  00:00:20
Scanned Objects    :  2256
Detected Objects    :  4
Excluded Objects    :  0
Auto Upload    :  False
OS    :  Windows 10 x64
Processor    :  8X Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
BIOS Mode    :  UEFI
Domain Info    :  WORKGROUP,False,NetSetupWorkgroupName
CUID    :  1232230E9868BF456225E3


Detections
MD5    :  6231F5AC99196A964D7EAA3CB5677B11
Status    :  Scanned
Object    :  d:\battle.net\battle.net.11189\qt5gui.dll
Publisher    :  
Size    :  5022208
Detection    :  Suspicious:SRC!P
Action    :  -
-----------------------------------------------------------------------
MD5    :  E161498A80109EED9E4DD451B2CE8073
Status    :  Scanned
Object    :  d:\battle.net\battle.net.11189\imageformats\qgif.dll
Publisher    :  
Size    :  26112
Detection    :  Suspicious:SRC!P
Action    :  -
-----------------------------------------------------------------------
MD5    :  428749FFA7A5ADEA47109C5F0CC28808
Status    :  Scanned
Object    :  d:\battle.net\battle.net.11189\imageformats\qmng.dll
Publisher    :  
Size    :  223744
Detection    :  Suspicious:SRC!P
Action    :  -
-----------------------------------------------------------------------
MD5    :  E44843DEB15B491CCFEE9B997283044E
Status    :  Scanned
Object    :  d:\battle.net\battle.net.11189\qml\qtquick\controls.2\qtquickcontrols2plugin.dll
Publisher    :  
Size    :  84480
Detection    :  Suspicious:SRC!P
Action    :  -
-----------------------------------------------------------------------
 

Mops21

Level 36
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,503
Hi @@JM Safe and Hi @@Miss Onnellisuus and Hi @@ZAM3_PO

I have anotherone False Positive for you see my screenshot

The Feedback is submiited via the function to you

MD5 : 7FBE63829AE9C97D267440246AC85926
Status : Scanned
Object : c:\program files (x86)\lmir0efab001.tmp_r.bat
Publisher :
Size : 556
Detection : Suspicious:SRC!R
Action : Quarantine

LMIR0EFAB001.tmp_r.bat


With best Regards
Mops21

Hi @JM Safe and Hi @ZAM3_PO and Hi @Miss Onnellisuus

Any Infos about this available

And any Infos about the False Positives from @Lobito Punky

With best Regards
Mops21
 

Mops21

Level 36
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,503
Hello guys, we will look into that. Thanks for reporting.


Hello, could you please report as safe the detection via the UI or post here the scan report? You can see the scan reports here %localappdata%\Zemana\AntiMalware\reports
Thank you :)

Hi

Thank you very much for your Infos

Wirth best Regards
Mops21
 
  • Like
Reactions: oldschool

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,083
Hello guys, we will look into that. Thanks for reporting.


Hello, could you please report as safe the detection via the UI or post here the scan report? You can see the scan reports here %localappdata%\Zemana\AntiMalware\reports
Thank you :)

Code:
{"Id":"2019-29-5--10-22-40","ReportDate":"2019-05-29T10:22:40.1486027-03:00","ReportVersion":1,"ScanInfo":{"ProductName":"Zemana AntiMalware","ScanType":1,"ScanStatus":3,"ScanDate":"2019-05-29T10:23:00.4156011-03:00","ScanDuration":"00:00:20","ScannedObjects":2256,"DetectedObjects":4,"ExcludedObjects":0,"AutoUpload":false,"OS":"Windows 10 x64","Processor":"8X Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz","BIOSMode":"UEFI","DomainInfo":"WORKGROUP,False,NetSetupWorkgroupName","CUID":"1232230E9868BF456225E3"},"Duration":"00:00:20","DetectionObjects":[{"Id":0,"MD5":"6231F5AC99196A964D7EAA3CB5677B11","Status":"Scanned","Object":"d:\\battle.net\\battle.net.11189\\qt5gui.dll","Publisher":"","Size":5022208,"Detection":"Suspicious:SRC!P","Action":"-","CleanResult":"-","FileType":"FILE_SUSPICIOUS","DetectionSource":"DETECTION_FILE"},{"Id":1,"MD5":"E161498A80109EED9E4DD451B2CE8073","Status":"Scanned","Object":"d:\\battle.net\\battle.net.11189\\imageformats\\qgif.dll","Publisher":"","Size":26112,"Detection":"Suspicious:SRC!P","Action":"-","CleanResult":"-","FileType":"FILE_SUSPICIOUS","DetectionSource":"DETECTION_FILE"},{"Id":2,"MD5":"428749FFA7A5ADEA47109C5F0CC28808","Status":"Scanned","Object":"d:\\battle.net\\battle.net.11189\\imageformats\\qmng.dll","Publisher":"","Size":223744,"Detection":"Suspicious:SRC!P","Action":"-","CleanResult":"-","FileType":"FILE_SUSPICIOUS","DetectionSource":"DETECTION_FILE"},{"Id":3,"MD5":"E44843DEB15B491CCFEE9B997283044E","Status":"Scanned","Object":"d:\\battle.net\\battle.net.11189\\qml\\qtquick\\controls.2\\qtquickcontrols2plugin.dll","Publisher":"","Size":84480,"Detection":"Suspicious:SRC!P","Action":"-","CleanResult":"-","FileType":"FILE_SUSPICIOUS","DetectionSource":"DETECTION_FILE"}]}

(y)
 

Mops21

Level 36
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,503
Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

MD5 : 645BFB545BFA63DF94D6B2B453C32A89
Status : Scanned
Object : c:\windows\system32\winmm.dll
Publisher :
Size : 126056
Detection : Suspicious:SRC!P
Action : Quarantine

MD5 : CA1E019BDB26DA419E1035E048C3AF25
Status : Scanned
Object : c:\windows\system32\xmllite.dll
Publisher :
Size : 230816
Detection : Suspicious:SRC!P
Action : Quarantine

MD5 : 5090F0D376CC4219B2E0621694BD1134
Status : Scanned
Object : c:\windows\system32\dnsrslvr.dll
Publisher :
Size : 252416
Detection : Suspicious:SRC!P
Action : Quarantine

The same Files from the System32 Folder

dnsrslvr.dll


winmm.dll


XmlLite.dll


The same Files from the System64 Folder

winmm.dll


XmlLite.dll


With best Regards
Mops21
 

Attachments

  • Zemana Anti-Malware June FPs 01.jpg
    Zemana Anti-Malware June FPs 01.jpg
    152.6 KB · Views: 590
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top