Assigned Zemana False Positive Report Thread

  • Thread starter Deleted Member 333v73x
  • Start date
This thread is being handled by a member of the staff.
J

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
plat1098 said:
Hi Zemana! I have submitted a false positive (Cloudflare) on new version 3.1.200 thru the interface.

Scan is nice and fast and interface is still nice and easy to navigate from the first beta. :emoji_ok_hand:

View attachment 213612
Click to expand...
Hey @plat1098 , could you please try to do a scan and send us a feedback with UI button

214170


214171


By making sure that you select "Attach latest scan report and error information".
If you are more comfortable you can alternatively ZIP all files here: C:\Users\<Username>\AppData\Local\Zemana\AntiMalware\reports and send them to support@zemana.com
Thank you very much :)
 
Last edited:
  • Like
Reactions: stefanos, [correlate], harlan4096 and 1 other person
J

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
plat1098 said:
OK, JMSafe, I have performed the requested actions again for you. ZAM is currently "detecting" Cloudflare DNS and a Firefox extension, possibly Emsisoft or Trace. Thanks for looking into this.

View attachment 214187
Click to expand...
Hi @plat1098 , thank you so much :), we will handle this.
About the detected extension could you please try to go to the path of Firefox (c:\users\plat\appdata\roaming\mozilla\firefox\profile\f3uerb8z.default-release\extensions\) and make a screenshot so I can see the entire name of the xpi file? Thank you so much :)
 
  • Like
  • Thanks
Reactions: stefanos, [correlate] and harlan4096
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Sure, here it is, hopefully this is what you needed. One obviously cannot open this file in a conventional way so here is a snip of the folder contents in question. You were correct to request a more detailed explanation, which I should have provided in the first place, sorry about that. It appears to be uBlock Origin, lol. Incorrect: by dragging the (22aed....) file into Firefox browser, this ":detection" showed up as my theme Native American Painted Woman, which is my browser decoration. Here it is: Sorry for the error. Again, the detection appears to be a theme, not an extension. @JM Safe.

zam detect ff theme.PNG


ffextxpi.PNG
 
Last edited:
  • Like
  • Thanks
Reactions: stefanos, Divine_Barakah, [correlate] and 2 others
J

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
plat1098 said:
Sure, here it is, hopefully this is what you needed. One obviously cannot open this file in a conventional way so here is a snip of the folder contents in question. You were correct to request a more detailed explanation, which I should have provided in the first place, sorry about that. It appears to be uBlock Origin, lol. Incorrect: by dragging the (22aed....) file into Firefox browser, this ":detection" showed up as my theme Native American Painted Woman, which is my browser decoration. Here it is: Sorry for the error. Again, the detection appears to be a theme, not an extension. @JM Safe.

View attachment 214235

View attachment 214233
Click to expand...
Hey Plat, we will look into the Firefox extension soon :)
 
  • Like
  • Thanks
Reactions: stefanos, plat and harlan4096
M

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,489
Hi @@JM Safe and Hi @@Miss Onnellisuus and Hi @@ZAM3_PO

I have anotherone False Positive for you see my screenshot

The Feedback is submiited via the function to you

MD5 : 7FBE63829AE9C97D267440246AC85926
Status : Scanned
Object : c:\program files (x86)\lmir0efab001.tmp_r.bat
Publisher :
Size : 556
Detection : Suspicious:SRC!R
Action : Quarantine

LMIR0EFAB001.tmp_r.bat

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

With best Regards
Mops21
 

Attachments

  • Zemana Anti-Malware FPs 08.jpg
    Zemana Anti-Malware FPs 08.jpg
    120.2 KB · Views: 591
  • Like
Reactions: stefanos and JM Safe
J

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Mops21 said:
Hi @@JM Safe and Hi @@Miss Onnellisuus and Hi @@ZAM3_PO

I have anotherone False Positive for you see my screenshot

The Feedback is submiited via the function to you

MD5 : 7FBE63829AE9C97D267440246AC85926
Status : Scanned
Object : c:\program files (x86)\lmir0efab001.tmp_r.bat
Publisher :
Size : 556
Detection : Suspicious:SRC!R
Action : Quarantine

LMIR0EFAB001.tmp_r.bat

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

With best Regards
Mops21
Click to expand...
Thanks for reporting this False Positive @Mops21 :)
 
  • Like
Reactions: stefanos
eonline

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,083
Code: 
Scan Information
Product Name    :  Zemana AntiMalware
Scan Status    :  Completed
Scan Date    :  5/29/2019 10:23:00 AM
Scan Type    :  Smart Scan
Scan Duration    :  00:00:20
Scanned Objects    :  2256
Detected Objects    :  4
Excluded Objects    :  0
Auto Upload    :  False
OS    :  Windows 10 x64
Processor    :  8X Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
BIOS Mode    :  UEFI
Domain Info    :  WORKGROUP,False,NetSetupWorkgroupName
CUID    :  1232230E9868BF456225E3


Detections
MD5    :  6231F5AC99196A964D7EAA3CB5677B11
Status    :  Scanned
Object    :  d:\battle.net\battle.net.11189\qt5gui.dll
Publisher    :  
Size    :  5022208
Detection    :  Suspicious:SRC!P
Action    :  -
-----------------------------------------------------------------------
MD5    :  E161498A80109EED9E4DD451B2CE8073
Status    :  Scanned
Object    :  d:\battle.net\battle.net.11189\imageformats\qgif.dll
Publisher    :  
Size    :  26112
Detection    :  Suspicious:SRC!P
Action    :  -
-----------------------------------------------------------------------
MD5    :  428749FFA7A5ADEA47109C5F0CC28808
Status    :  Scanned
Object    :  d:\battle.net\battle.net.11189\imageformats\qmng.dll
Publisher    :  
Size    :  223744
Detection    :  Suspicious:SRC!P
Action    :  -
-----------------------------------------------------------------------
MD5    :  E44843DEB15B491CCFEE9B997283044E
Status    :  Scanned
Object    :  d:\battle.net\battle.net.11189\qml\qtquick\controls.2\qtquickcontrols2plugin.dll
Publisher    :  
Size    :  84480
Detection    :  Suspicious:SRC!P
Action    :  -
-----------------------------------------------------------------------
 
M

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,489
Mops21 said:
Hi @@JM Safe and Hi @@Miss Onnellisuus and Hi @@ZAM3_PO

I have anotherone False Positive for you see my screenshot

The Feedback is submiited via the function to you

MD5 : 7FBE63829AE9C97D267440246AC85926
Status : Scanned
Object : c:\program files (x86)\lmir0efab001.tmp_r.bat
Publisher :
Size : 556
Detection : Suspicious:SRC!R
Action : Quarantine

LMIR0EFAB001.tmp_r.bat

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

With best Regards
Mops21
Click to expand...

Hi @JM Safe and Hi @ZAM3_PO and Hi @Miss Onnellisuus

Any Infos about this available

And any Infos about the False Positives from @Lobito Punky

With best Regards
Mops21
 
  • Like
Reactions: oldschool, stefanos and eonline
M

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,489
JM Safe said:
Hello guys, we will look into that. Thanks for reporting.


Hello, could you please report as safe the detection via the UI or post here the scan report? You can see the scan reports here %localappdata%\Zemana\AntiMalware\reports
Thank you :)
Click to expand...

Hi

Thank you very much for your Infos

Wirth best Regards
Mops21
 
  • Like
Reactions: oldschool
eonline

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,083
JM Safe said:
Hello guys, we will look into that. Thanks for reporting.


Hello, could you please report as safe the detection via the UI or post here the scan report? You can see the scan reports here %localappdata%\Zemana\AntiMalware\reports
Thank you :)
Click to expand...

Code: 
{"Id":"2019-29-5--10-22-40","ReportDate":"2019-05-29T10:22:40.1486027-03:00","ReportVersion":1,"ScanInfo":{"ProductName":"Zemana AntiMalware","ScanType":1,"ScanStatus":3,"ScanDate":"2019-05-29T10:23:00.4156011-03:00","ScanDuration":"00:00:20","ScannedObjects":2256,"DetectedObjects":4,"ExcludedObjects":0,"AutoUpload":false,"OS":"Windows 10 x64","Processor":"8X Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz","BIOSMode":"UEFI","DomainInfo":"WORKGROUP,False,NetSetupWorkgroupName","CUID":"1232230E9868BF456225E3"},"Duration":"00:00:20","DetectionObjects":[{"Id":0,"MD5":"6231F5AC99196A964D7EAA3CB5677B11","Status":"Scanned","Object":"d:\\battle.net\\battle.net.11189\\qt5gui.dll","Publisher":"","Size":5022208,"Detection":"Suspicious:SRC!P","Action":"-","CleanResult":"-","FileType":"FILE_SUSPICIOUS","DetectionSource":"DETECTION_FILE"},{"Id":1,"MD5":"E161498A80109EED9E4DD451B2CE8073","Status":"Scanned","Object":"d:\\battle.net\\battle.net.11189\\imageformats\\qgif.dll","Publisher":"","Size":26112,"Detection":"Suspicious:SRC!P","Action":"-","CleanResult":"-","FileType":"FILE_SUSPICIOUS","DetectionSource":"DETECTION_FILE"},{"Id":2,"MD5":"428749FFA7A5ADEA47109C5F0CC28808","Status":"Scanned","Object":"d:\\battle.net\\battle.net.11189\\imageformats\\qmng.dll","Publisher":"","Size":223744,"Detection":"Suspicious:SRC!P","Action":"-","CleanResult":"-","FileType":"FILE_SUSPICIOUS","DetectionSource":"DETECTION_FILE"},{"Id":3,"MD5":"E44843DEB15B491CCFEE9B997283044E","Status":"Scanned","Object":"d:\\battle.net\\battle.net.11189\\qml\\qtquick\\controls.2\\qtquickcontrols2plugin.dll","Publisher":"","Size":84480,"Detection":"Suspicious:SRC!P","Action":"-","CleanResult":"-","FileType":"FILE_SUSPICIOUS","DetectionSource":"DETECTION_FILE"}]}

(y)
 
  • Like
Reactions: oldschool and harlan4096
M

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,489
Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

MD5 : 645BFB545BFA63DF94D6B2B453C32A89
Status : Scanned
Object : c:\windows\system32\winmm.dll
Publisher :
Size : 126056
Detection : Suspicious:SRC!P
Action : Quarantine

MD5 : CA1E019BDB26DA419E1035E048C3AF25
Status : Scanned
Object : c:\windows\system32\xmllite.dll
Publisher :
Size : 230816
Detection : Suspicious:SRC!P
Action : Quarantine

MD5 : 5090F0D376CC4219B2E0621694BD1134
Status : Scanned
Object : c:\windows\system32\dnsrslvr.dll
Publisher :
Size : 252416
Detection : Suspicious:SRC!P
Action : Quarantine

The same Files from the System32 Folder

dnsrslvr.dll

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

winmm.dll

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

XmlLite.dll

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

The same Files from the System64 Folder

winmm.dll

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

XmlLite.dll

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

With best Regards
Mops21
 

Attachments

  • Zemana Anti-Malware June FPs 01.jpg
    Zemana Anti-Malware June FPs 01.jpg
    152.6 KB · Views: 581
Last edited:
  • Like
Reactions: harlan4096, oldschool and Gandalf_The_Grey

Similar threads

Andy Ful
    • Like
    • Wow
Serious Discussion Problem with submitting false positives to Norton and Bitdefender.
Replies
31
Views
3,207
General Security Discussions
partha_roy
partha_roy
Bot
    • Like
New in 2023.12: Smarter and faster detection
Replies
9
Views
889
Emsisoft
Zartarra
Zartarra
[correlate]
    • Like
Vulnerable HTTP Report
Replies
0
Views
1,094
News Archive
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top