Poster: Der AppleSeed | Date: Mar 8, 2024 2:55pm
Forum: software | Subject: false positive (again, and again)
These files were extracted from an ISO that already exists on archive.org servers.
https://www.virustotal.com/gui/file/7e26f3fc3003d0cdbe1e0b90b8ff04a4f300341eb9b709e59e6d3c1346296b91/detection/f-7e26f3fc3003d0cdbe1e0b90b8ff04a4f300341eb9b709e59e6d3c1346296b91-1709921720
Please look at the vendors who reported:
Arcabit Trojan.Heur.FU.EC48DA
BitDefender Gen:Trojan.Heur.FU.cG1@aG1lh@mi
BitDefenderTheta AI:Packer.F325D7621F
Emsisoft Gen:Trojan.Heur.FU.cG1@aG1lh@mi (B)
GData Gen:Trojan.Heur.FU.cG1@aG1lh@mi
Malwarebytes MachineLearning/Anomalous.100%
MAX Malware (ai Score=88)
Trellix (FireEye) Gen:Trojan.Heur.FU.cG1@aG1lh@mi
VBA32 BScope.Trojan.FakeAlert
VIPRE Gen:Trojan.Heur.FU.cG1@aG1lh@mi
Heuristic, heuristic, heuristic, etc.
Most of those vendors weren't even around when the files were created to even build a heuristic dataset.
IOW, they are pulling turds out of their butts.
These vendors - at least the many shoddy ones - do not see their job as finding malware. They see their job as selling product. And the more often they cry wolf, and the less capable their product is, the more the uninformed will quiver and buy their junk.
archive.org prides itself in maintaining a well-disciplined, vast, and permanent repository. Using this current method does more harm than good, imo.
Like so many others, I perform due diligence to verify file authenticity and its history, and record relevant information. It is painful to see work tossed aside, knowing that I'm not doing it for any other reason than to help preserve our history.
Thanks for reading.
Poster: Der AppleSeed | Date: Mar 8, 2024 3:41pm
Forum: software | Subject: Re: false positive (again, and again)
https://www.hybrid-analysis.com/sample/7e26f3fc3003d0cdbe1e0b90b8ff04a4f300341eb9b709e59e6d3c1346296b91
Poster: Jeff Kaplan | Date: Mar 14, 2024 7:57pm
Forum: software | Subject: Re: false positive (again, and again)
Poster: Der AppleSeed | Date: Mar 15, 2024 7:54am
Forum: software | Subject: Re: false positive (again, and again)
This post was modified by Der AppleSeed on 2024-03-15 14:54:10
Poster: USA DAVEY | Date: Mar 14, 2024 6:04am
Forum: software | Subject: Re: false positive (again, and again)
Poster: Der AppleSeed | Date: Mar 15, 2024 7:26am
Forum: software | Subject: Re: false positive (again, and again)
Also: as I may have already said, hybrid-analysis.com filters out heuristic flags and results from the bottom-feeder, so-called "anti-virus" apps.
VirusTotal (it seems to me) has become little more than a shill for these deplorable vendors, nullifying its efficacy as a useful tool for archive.org.
I get it: I understand archive.org's interest in keeping malware out of its vast repository.
That said, often, the baby is getting thrown out with the wash.
Also noted by me, and reported as similar issues by other users: these "false positives" seem to be heavily weighted against Microsoft products specifically, and games generally.
My only thought is that archive.org could develop its own in house method, or perhaps come to an arrangement with hybrid-analysis.com.
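The opening post lists ten vendor verdicts and calls them all heuristic, and the later post says hybrid-analysis.com filters heuristic flags out. The script below, added here as an illustration and not code from the thread, archive.org, VirusTotal or hybrid-analysis.com, does that triage on the vendor/detection pairs quoted in the first post: it normalizes the detection strings, clusters vendors that report the identical string, and tags each distinct detection as generic (heuristic/ML/packer) or a named family. The heuristic-marker patterns and the `(B)` suffix handling are assumptions drawn from the naming conventions visible in the post, not a vendor-documented rule.

```python
import re
from collections import defaultdict

# Constructed input: the (vendor, detection) pairs quoted in the opening
# post, transcribed verbatim.
VT_DETECTIONS = [
    ("Arcabit", "Trojan.Heur.FU.EC48DA"),
    ("BitDefender", "Gen:Trojan.Heur.FU.cG1@aG1lh@mi"),
    ("BitDefenderTheta", "AI:Packer.F325D7621F"),
    ("Emsisoft", "Gen:Trojan.Heur.FU.cG1@aG1lh@mi (B)"),
    ("GData", "Gen:Trojan.Heur.FU.cG1@aG1lh@mi"),
    ("Malwarebytes", "MachineLearning/Anomalous.100%"),
    ("MAX", "Malware (ai Score=88)"),
    ("Trellix (FireEye)", "Gen:Trojan.Heur.FU.cG1@aG1lh@mi"),
    ("VBA32", "BScope.Trojan.FakeAlert"),
    ("VIPRE", "Gen:Trojan.Heur.FU.cG1@aG1lh@mi"),
]

# Markers that a detection name is generic (heuristic, ML or packer-based)
# rather than a signature for a specific named family. Assumption: this
# list is derived from the naming conventions seen in the post; extend it
# for engines not represented there.
HEURISTIC_MARKERS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"\bheur",          # Trojan.Heur.*, Gen:Trojan.Heur.*
        r"^gen:",           # "Gen:" prefix marks a generic detection
        r"^ai:",            # AI:Packer.* (BitDefenderTheta)
        r"\bai\s*score",    # "(ai Score=88)"
        r"machinelearning",
        r"anomalous",
        r"^bscope",         # VBA32 "BScope.*"; treated as generic, following the post
        r"\bgeneric\b",
        r"\bsuspicious\b",
    )
]


def normalize(detection: str) -> str:
    """Collapse cosmetic variants of the same detection string.

    Assumption: a trailing " (B)" (seen on the Emsisoft line) is a
    reporting suffix, not part of the signature, so it is stripped so that
    identical strings from different vendors cluster together.
    """
    return re.sub(r"\s*\(B\)\s*$", "", detection.strip())


def is_heuristic(detection: str) -> bool:
    """True if the (normalized) detection name carries a generic marker."""
    name = normalize(detection)
    return any(m.search(name) for m in HEURISTIC_MARKERS)


def cluster_by_detection(results):
    """Map each normalized detection string to the vendors reporting it."""
    clusters = defaultdict(list)
    for vendor, detection in results:
        clusters[normalize(detection)].append(vendor)
    return dict(clusters)


def summarize(results):
    """Reduce a vendor verdict list to the number of independent signals.

    Ten vendors flagging a file is not ten independent opinions when five
    of them report the identical detection string.
    """
    clusters = cluster_by_detection(results)
    named = sorted(d for d in clusters if not is_heuristic(d))
    return {
        "vendors_flagging": len(results),
        "distinct_detections": len(clusters),
        "largest_shared_cluster": max((len(v) for v in clusters.values()), default=0),
        "heuristic_detections": sum(1 for d in clusters if is_heuristic(d)),
        "named_family_detections": len(named),
        "named_families": named,
    }


if __name__ == "__main__":
    for key, value in summarize(VT_DETECTIONS).items():
        print(f"{key}: {value}")
    for name, vendors in cluster_by_detection(VT_DETECTIONS).items():
        kind = "heuristic" if is_heuristic(name) else "named"
        print(f"  [{kind}] {name}: {', '.join(vendors)}")
```

On the post's data this reports ten flagging vendors but only six distinct detection strings, the largest of which is shared by five vendors, and no named-family detection at all. That is the check worth running before treating a VirusTotal count as corroboration: count distinct detections rather than vendors, and treat a heuristic-only cluster as a prompt for sandbox or manual analysis rather than as a verdict in either direction; a generic-only result does not prove the file is clean, it only shows that nothing specific has been matched.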