cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Vidar Kværnø Stokke <vidar.stokke AT ntnu.no>
- To: Stefan Winter <stefan.winter AT restena.lu>, "cat-users AT geant.net" <cat-users AT geant.net>
- Subject: Re: [cat-users] False positive Trojan alert for F-Secure
- Date: Mon, 12 Jan 2015 12:35:18 +0000
- Accept-language: nb-NO, en-GB, en-US
- List-archive: <http://mail.geant.net/pipermail/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
>-----Original Message-----
>From: Stefan Winter
>[mailto:stefan.winter AT restena.lu]
>Sent: Monday, January 12, 2015 1:17 PM
>To: Vidar Kværnø Stokke;
>cat-users AT geant.net
>Subject: Re: [cat-users] False positive Trojan alert for F-Secure
>
>Hello,
>
>> F-Secure reports our Eduroam CAT installer as Trojan.Generic.12420647.
>Virustotal.com reports 10 out of 55 virus scanners doing the same.
>>
>> Earlier it has been posted to this list that Symantec and ClamAV has done
>the same thing. But now they apparently don't any more. Probably because
>someone has posted a report on false positive to them.
>>
>> What is the best way to handle this? Should each IDP report it to the
>different virus scan providers as they pop up or should this be done by the
>developers?
>>
>> My main goal is of course to get this out of the way as soon as possible so
>that my users don't get used to ignoring reports about viruses.
>
>Doing this once is enough - it's one of the static small helper .exe's
>inside the
>installer that seems to appear fishy to some AVs. It's the one that adds the
>encrypted user password to the registry during the installation process.
>
>I have just uploaded the NTNU Win 7 installer as a false positive to
>F-Secure.
>Can you keep a close eye on the status of the detection in the coming days?
>Eventually, the fix should trickle into F-Secure's DB and get the installer
>out of
>harm's way.
>
>Stefan
Thank you Stefan.
I also posted a false positive to F-Secure last Friday and received a
positive response today. They will update their database shortly.
--
Best regards
Vidar Stokke
Senior Engineer
IT-division, Networking
Norwegian University of Science and Technology
(NTNU)
http://www.ntnu.no/it
- [cat-users] False positive Trojan alert for F-Secure, Vidar Kværnø Stokke, 01/05/2015
- Re: [cat-users] False positive Trojan alert for F-Secure, Stefan Winter, 01/12/2015
- Re: [cat-users] False positive Trojan alert for F-Secure, Vidar Kværnø Stokke, 01/12/2015
- Re: [cat-users] False positive Trojan alert for F-Secure, Stefan Winter, 01/12/2015
Archive powered by MHonArc 2.6.19.