Eset and other anti-virus products false positive on Windows wrapper exe

aD

Joined: 11 Sep 14
Posts: 3
United Kingdom
Message 55980 - Posted: 11 Sep 2014, 14:08:19 UTC

Having just switched BOINC on for the coming British winter I noticed that Eset anti-virus is incorrectly detecting the Windows wrapper exe, distributed via the project theSkyNetPOGS, as "a variant of Win32/BitCoinMiner.CC potentially unsafe application".

The exe in question is downloaded by BOINC from http://pogs.theskynet.org/pogs/download/wrapper_windows_intelx86.exe_340.gz
SHA256 of extracted exe: aa059926a41b13379342c0c7d091c9f1070cc306a0f8ec5972889ef37e33ba2c

I have reported this false positive to Eset but unfortunately got this reply:
"we do not consider this a false positive and it will not likely be reclassified, as multiple vendors are detecting this file. Please see https://www.virustotal.com/en/file/aa059926a41b13379342c0c7d091c9f1070cc306a0f8ec5972889ef37e33ba2c/analysis/1407612101/ "

The linked VirusTotal page lists 16 other anti-virus products that incorrectly detect this program as a "Hacking tool", trojan or an unsolicited BitCoin miner.

I am sure that any new users who get such a spurious warning from their anti-virus product may be put off contributing as a result.

I am an Eset reseller as part of my business, and have a channel of communication with them. If BOINC could assist in confirming that this exe is in fact innocent it would be appreciated. samples@eset.com is the email address at Eset that deals with virus signature queries.
ID: 55980
Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 15480
Netherlands
Message 55981 - Posted: 11 Sep 2014, 14:19:21 UTC - in response to Message 55980.  
Last modified: 11 Sep 2014, 14:24:11 UTC

Any part of the project science application that gets detected as hostile by antivirus is best reported at the project. So in this case, you'll have to ask theSkyNetPOGS for help.

But here at BOINC we advise people to exclude their BOINC Data directory and all files and subdirectories from being scanned by their antivirus product. In the case of Eset NOD32 Antivirus 6, I have written this FAQ.
Other AV FAQs are here.
ID: 55981
aD

Joined: 11 Sep 14
Posts: 3
United Kingdom
Message 55985 - Posted: 11 Sep 2014, 15:46:30 UTC - in response to Message 55981.  

Thanks for such a quick reply. I've posted on the POGS forum so will concentrate my efforts there. Cheers.
ID: 55985
Devlin85
Joined: 11 Sep 14
Posts: 7
United States
Message 55995 - Posted: 11 Sep 2014, 19:25:15 UTC

Bitdefender also flags a few of the BOINC projects as malware and starts blocking them, causing instant computation errors. Once it does, you just need to exclude it in the antivirus software, though. AVG seems to work with no issues, no interference.
ID: 55995
aD

Joined: 11 Sep 14
Posts: 3
United Kingdom
Message 55997 - Posted: 11 Sep 2014, 19:54:33 UTC - in response to Message 55995.  

You ought to report false positives and press for their resolution. The more people who complain, the more the shredder becomes overloaded. Eventually, someone has to read the reports :-)
ID: 55997


Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.