| 
			
			sffdb8 Posts: 20 
			
  			
			01/08/2016
		 | 
		
			
			Log shows:
 
 
 Category: Trojan Monitoring Software
  Description: This program is dangerous and records user activity.
  Recommended action: Remove this software immediately.
  Items:  file:J:\SyMenu\SyMenu.exe
 
  runkey:HKCU@S-1-5-21-2855862860-2701475574-3692590855-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\SyMenu
  regkey:HKCU@S-1-5-21-2855862860-2701475574-3692590855-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\SyMenu
  
  Please advise...
  edited by sffdb8 on 01/08/2016
			
			
		 | 
	
	
	
	
		| 
			
			Gianluca Administrator Posts: 1349 
			
  			
			01/08/2016
		 | 
		
			
			It's a false positive. MS has already corrected its AV definitions. https://www.microsoft.com/en-us/security/portal/submission/SubmissionHistory.aspx?SubmissionId=ad17b39d-947f-43bc-be08-b698e6ac8c62
			
			
		 | 
	
	
	
	
		| 
			
			otz Posts: 3 
			
  			
			02/08/2016
		 | 
		
			
			And how about another AV? https://www.virustotal.com/ru/file/a3fcff6acbd06dd442a888a84e0785707c8f287429da41ff344bdbc9c151a4e5/analysis/
			
			
		 | 
	
	
	
	
		| 
			
			Gianluca Administrator Posts: 1349 
			
  			
			02/08/2016
		 | 
		
			
			Since there is no threat in SyMenu, I imagine it is the same. If you trust the program, report the false positive please.
			
			
		 | 
	
	
	
	
		| 
			
			lupusbalo Posts: 77 
			
  			
			02/08/2016
		 | 
		
			
			There are also lots of programs (mainly in the NirSoft suite) that are considered "dangerous" (and they actually could be ...). To avoid AV alerts, I suggest excluding the SyMenu folder entirely from the AV scan.
			
			
		 | 
	
	
	
	
		| 
			
			k3tonan Posts: 4 
			
  			
			04/08/2016
		 | 
		
			
			Another interesting note: via Edge I cannot get to the website without bypassing SmartScreen.
  While SyMenu.exe has been flagged as safe, SyMenuPackage.exe & SyMenu.zip are still being flagged as a virus, which I have already reported as safe.
			
			
		 | 
	
	
	
	
		| 
			
			eson Posts: 46 
			
  			
			16/08/2016
		 | 
		
			
			It's happening again! Windows Defender is silently quarantining SyMenu.exe. McAfee and Kaspersky, along with some others not so well known, are obviously following.
  https://www.virustotal.com/sv/file/c942e13e790b5a7cb7107ecd6d890b38e8cd3973d45cbef9ed28680631c3b5c5/analysis/1471319741/
  Here's for you, Gian! https://www.microsoft.com/en-us/security/portal/mmpc/developer/resources.aspx
  edited by eson on 16/08/2016
			
			
		 | 
	
	
	
	
		| 
			
			Gianluca Administrator Posts: 1349 
			
  			
			16/08/2016
		 | 
		
			
			http://www.ugmfree.it/Forum/messages.aspx?TopicID=442#post1477
			
			
		 | 
	
	
	
	
		| 
			
			eson Posts: 46 
			
  			
			16/08/2016
		 | 
		
			
			Here's the Windows Defender report page for users... https://www.microsoft.com/en-us/security/portal/submission/submit.aspx
			
			
		 | 
	
	
	
	
		| 
			
			eson Posts: 46 
			
  			
			20/08/2016
		 | 
		
			
			I have reported to Microsoft, F-Secure, Kaspersky, Symantec, McAfee and BitDefender. So far, only Microsoft have fixed their signatures.
  https://www.virustotal.com/sv/file/57d16bc4f7a14c788783db112d73b38f36f4b6a227ef8ddc49c681dfe6336285/analysis/
			
			
		 | 
	
	
	
	
		| 
			
			eson Posts: 46 
			
  			
			21/08/2016
		 | 
		
			
			F-Secure was the first one to respond...
 
 Thank you for your submission. The file is clean and now the database already fixed to remove the detection. We apologize for the false positive as it was detected by the generic detection which it was accidentally detected your file. If you see any false positive to your clean file, please submit to us immediately so that we can fix it within few hours.
  BitDefender also removed the false detection. From yesterday's 22 false positives to 15 overnight... We can fix this, Gian!  ;-)
  https://www.virustotal.com/sv/file/57d16bc4f7a14c788783db112d73b38f36f4b6a227ef8ddc49c681dfe6336285/analysis/1471796428/
  edited by eson on 21/08/2016
			
			
		 | 
	
	
	
	
		| 
			
			Gianluca Administrator Posts: 1349 
			
  			
			22/08/2016
		 | 
		
			
			Hi my friend.
  Reporting the false positive to any AV on Earth is totally senseless and it takes too much time. So I took another way.
  http://www.ugmfree.it/Forum/messages.aspx?TopicID=442&MessageID=1493#post1493
  If necessary I'm ready to release a new version daily! Always the same SyMenu version indeed, but if the AVs work this way I'm ready to work around them all...
			
			
		 | 
	
	