F-Secure, McAfee, and Comodo "false-positive" updates



NewsArchive
09-17-2010, 01:10 AM
All,

1. McAfee fixed the false-positive bug for SB7 apps (very fast, good job).

McAfee Labs Sample Analysis
Issue Number: 6206606 Virus Researcher: Neha Chattopadhyay
Identified: No Virus/Trojan

McAfee Labs, McAfee Labs, Bangalore, India


2. Comodo fixed the false-positive bug for SB7 apps (ultra fast, very good
job).

This is to inform you that the false-positives with SB7 have been fixed. You
can update to AV database Version 6101 of Comodo Internet Security
Version 4.1.150349.920 and confirm it.

Comodo Antivirus Lab


3. F-Secure is still working on their DeepGuard fix for SB7 apps (I am
speechless -- 28 days to fix such a major issue is, well, "suboptimal").

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder is Windows installation -- "point. click. ship"

-- Official Comodo Code Signing and SSL Certificate Partner

NewsArchive
09-18-2010, 01:35 AM
See?
It's what I said in another thread.

Betcha the Indian dude working for McAfee is actually doing his job, rather
than chassing herring!

jf

NewsArchive
09-18-2010, 01:36 AM
Nah Jane, that's just a red herring.

John Griffiths

NewsArchive
09-18-2010, 01:36 AM
Not to mention my fishy attempt at spelling "chasing" :rolleyes:

Jane Fleming

NewsArchive
09-20-2010, 12:20 AM
Hi Friedrich,

while wandering around Google while a task was processing in the background
here .....

arcadia russia
Aleksey
in their client list is .... F-Secure ;)
http://www.offshore-software.ru/Customers/CustomersList/tabid/137/Default.aspx

--
Merci
Cordialement - Best regards
Jean-Pierre GUTSATZ
_______________________________________________________

For those who do not understand ... : "Qui bene amat bene castigat."
_______________________________________________________

DMC - Data Management Center : a tool to let you Migrate Import Export
Transfer your Data
www.dmc-fr.com Certified by Microsoft : "Works with Vista" & "Works
with Windows Server 2008"

NewsArchive
09-22-2010, 03:23 AM
According to VirusTotal.com scanning, F-Secure has tentatively fixed the
false-positive bug for SB7 apps in their DeepGuard system.

NewsArchive
09-23-2010, 12:47 AM
> According to VirusTotal.com scanning, F-Secure has tentatively fixed the
> false-positive bug for SB7 apps in their DeepGuard system.

Friedrich,

I can confirm that - after a normal update (these occur at 2 hour
intervals) of recent F-Secure definitions, DeepGuard is not challenging
SB72 installs.

Curious - why do you say "tentatively fixed" - just being cautious or have
information they are still in a test only posture?

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397

NewsArchive
09-23-2010, 12:48 AM
Hi David,

> Curious - why do you say "tentatively fixed" - just being cautious or have
> information they are still in a test only posture?

Virustotal.com reported no problem, but on our internal test machine with
F-Secure installed, it still blocked wupdate.exe (and a few other SB7
generated test apps). But most apps went through OK now. So perhaps our
test machine did not have the latest DeepGuard (web update reported that we
are up-to-date) or it is still not 100% fixed in all of their editions yet.

Charles reported that our wupdate.exe (SB) pops up the DeepGuard warning,
but his customized (ECL) one does not.

But if Virustotal.com reports no problem then we are already on a very safe
side.

Friedrich

NewsArchive
09-23-2010, 12:49 AM
> Hi David,
>
>> Curious - why do you say "tentatively fixed" - just being cautious or have
>> information they are still in a test only posture?
>
> Virustotal.com reported no problem, but on our internal test machine with
> F-Secure installed, it still blocked wupdate.exe (and a few other SB7
> generated test apps). But most apps went through OK now. So perhaps our
> test machine did not have the latest DeepGuard (web update reported that we
> are up-to-date) or it is still not 100% fixed in all of their editions yet.
>
> Charles reported that our wupdate.exe (SB) pops up the DeepGuard warning,
> but his customized (ECL) one does not.

Friedrich,

Windows 7 Ultimate x64 Host

I am not getting a DeepGuard warning, but I get the server manifest error
(as shown in screenshot) - when I startup wupdate.exe directly in this
folder:

C:\Program Files (x86)\Lindersoft\SetupBuilder 7 Developer

The same from within the IDE.

Windows 7 Ultimate x86 Virtual Machine - I do get a DeepGuard warning, as
Charles has reported.

When I startup wupdate.exe directly in this folder:

C:\Program Files\Lindersoft\SetupBuilder 7 Developer

The same from within the IDE.

David

NewsArchive
09-23-2010, 12:50 AM
Friedrich,

A couple more remarks and more testing.

Both Host and VM have SAME F-Secure file definitions - all same version
numbers, etc

Also, tested in VM - same previous files that displayed DeepGuard warnings
such as - sb72_3015_Dev.exe and Encourager Software Profile Exchange
installs (these installs were never whitelisted).

None of these files - currently - IN Virtual Machine - Windows 7 Ultimate
x86 Virtual Machine - display any DeepGuard warnings.

David

NewsArchive
09-23-2010, 12:50 AM
Hi David,

> I am not getting a DeepGuard warning, but I get the server manifest error
> (as shown in screenshot) - when I startup wupdate.exe directly in this
> folder:

I assume DeepGuard "silently" blocks access to the Internet from wupdate.exe
(build 3015) in your case. That means, they still have not fixed it 100%.

McAfee and Comodo fixed their false-positive bugs within 36 and 24 hours --
very impressive. And F-Secure? Even after 29 days (DAYS!!!) they still
block millions of SB7 generated apps.

To be on the safe side, I checked it again. All the latest updates applied.
It still blocks some SB7 generated apps (including the standard wupdate.exe
and wucheck.exe clients). Okay, I recompiled wupdate.exe and wucheck.exe
with the latest SB7 and you know what? No block, no DeepGuard pops up.
They really did not do their homework. I must say that I am not impressed
at all.

BTW, it's not a solution to recompile wupdate.exe and wucheck.exe to make
the strange F-Secure technology happy. They have to fix this major bug in
their system.

Friedrich

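The behaviour Friedrich describes above (the shipping wupdate.exe is blocked, a fresh recompile of the same source is not, and later the shipping file stops being blocked once it is "in the clean files database") is what you see when an allowlist keys on the exact file hash rather than on the code inside it. The script below is an added example, not code from this thread or from Lindersoft or F-Secure: it constructs two tiny PE-shaped byte strings that differ only in the COFF TimeDateStamp (the field every rebuild changes), shows that the SHA-256 allowlist entry for one build does not match the other, and computes a timestamp-neutral digest a developer can use to confirm a rebuild changed nothing but that field. The allowlist format and the "zero the timestamp" digest are assumptions for illustration; nothing here is the real DeepGuard or VirusTotal logic.

```python
import hashlib
import struct

PE_SIGNATURE_OFFSET = 0x3C  # e_lfanew lives at this offset in the DOS header


def build_minimal_pe(timestamp: int) -> bytes:
    """Construct a minimal PE-shaped blob (constructed test data, NOT a runnable
    executable and not any Lindersoft binary). The only field that varies between
    calls is the COFF TimeDateStamp, which is what a recompile changes."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (PE_SIGNATURE_OFFSET - 2) + struct.pack("<I", e_lfanew)
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff_header = struct.pack("<HHIIIHH", 0x014C, 1, timestamp, 0, 0, 0, 0x0102)
    code = b"\x00" * 32 + b"identical code bytes in both builds"
    return dos_header + b"PE\0\0" + coff_header + code


def _coff_offset(data: bytes) -> int:
    """Return the offset of the COFF header, validating the PE signature."""
    e_lfanew = struct.unpack_from("<I", data, PE_SIGNATURE_OFFSET)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return e_lfanew + 4


def pe_timestamp(data: bytes) -> int:
    """Read the COFF TimeDateStamp (seconds since the Unix epoch)."""
    return struct.unpack_from("<I", data, _coff_offset(data) + 4)[0]


def file_digest(data: bytes) -> str:
    """Exact-bytes identity: what a hash-keyed clean-file list matches on."""
    return hashlib.sha256(data).hexdigest()


def content_digest(data: bytes) -> str:
    """Assumed helper: hash the image with the TimeDateStamp zeroed so two
    rebuilds of the same source compare equal. A quick self-check that a
    recompile changed nothing but the timestamp."""
    scrubbed = bytearray(data)
    ts = _coff_offset(data) + 4
    scrubbed[ts:ts + 4] = b"\x00\x00\x00\x00"
    return hashlib.sha256(bytes(scrubbed)).hexdigest()


def is_allowlisted(data: bytes, clean_hashes: set) -> bool:
    """Allowlist lookup keyed on the exact file hash (assumed model)."""
    return file_digest(data) in clean_hashes


def rebuild_still_allowlisted(shipping: bytes, rebuilt: bytes) -> dict:
    """Summarise what a hash-keyed allowlist sees for a shipping build and a
    rebuild of the same source."""
    clean = {file_digest(shipping)}  # the vendor added the file you submitted
    return {
        "shipping_allowlisted": is_allowlisted(shipping, clean),
        "rebuild_allowlisted": is_allowlisted(rebuilt, clean),
        "same_code": content_digest(shipping) == content_digest(rebuilt),
        "timestamps_differ": pe_timestamp(shipping) != pe_timestamp(rebuilt),
    }


if __name__ == "__main__":
    shipping = build_minimal_pe(0x4C7A0000)   # the build sent to the vendor
    rebuilt = build_minimal_pe(0x4C9B0000)    # same source, built later
    for key, value in rebuild_still_allowlisted(shipping, rebuilt).items():
        print(f"{key}: {value}")
```

The lesson for the submitter is procedural: record the SHA-256 of the exact file you sent to the vendor, ship that file unchanged, and treat a rebuild (even one with no source changes) as a new sample that may need resubmission. A timestamp-neutral digest like `content_digest` is only a sanity check for your own builds; the vendor's allowlist will still key on the bytes it was given.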
NewsArchive
09-24-2010, 12:57 AM
> BTW, it's not a solution to recompile wupdate.exe and wucheck.exe to make
> the strange F-Secure technology happy. They have to fix this major bug in
> their system.

Hi Friedrich,

I've sent a very detailed reply back on my case file to my contacts at
F-Secure about this. It stresses the point that they MUST get rid of the
false positives on the two current shipping exe's as well.

I've cc'd you on it and told them that you'd be happy to provide originals
for them to analyze and include in the next update so that they can
(hopefully) resolve this once and for all.

:-)

Charles



--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.clarionproseries.com - "Get ProPath, make your Clarion programs ready
for Windows 7 and Vista!"
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

NewsArchive
09-24-2010, 12:57 AM
Thank you so much, Charles! Very well written reply!!

Friedrich

NewsArchive
09-24-2010, 12:59 AM
BTW, the strange thing is that their own analysis system does not report any
problem. But the "real" installed F-Secure product seems to speak another
language.

Friedrich

NewsArchive
09-24-2010, 01:00 AM
Friedrich,

I agree completely! A false positive is a FALSE positive! Based on what
you've just proved (recompile wupdate.exe) - we're a sitting duck in a
shooting gallery, depending on a certain version release!

David

NewsArchive
09-25-2010, 01:17 AM
Hi David,

> I agree completely! A false positive is a FALSE positive! Based on what
> you've just proved (recompile wupdate.exe) - we're a sitting duck in a
> shooting gallery, depending on a certain version release!

I think they have added wupdate.exe and wucheck.exe to their "clean files
database" now. Just tested it and DeepGuard does not block wupdate.exe and
wucheck.exe any longer.

But I have a specific helloworld.exe app that is still blocked. So they
still do not have it right (IMO).

Friedrich

NewsArchive
09-25-2010, 01:18 AM
> Hi David,
>
>> I agree completely! A false positive is a FALSE positive! Based on what
>> you've just proved (recompile wupdate.exe) - we're a sitting duck in a
>> shooting gallery, depending on a certain version release!
>
> I think they have added wupdate.exe and wucheck.exe to their "clean files
> database" now. Just tested it and DeepGuard does not block wupdate.exe and
> wucheck.exe any longer.

Friedrich,

Definitely whitelisted now - I just checked for updates with SB72 in W7 Ult
x64 host and W7 Ult x86 virtual machine - no challenge - update working as
normal.

David
