F-Secure 9.9.15370.0 (false-positive bug)

[NewsArchive]

F-Secure detects applications compiled with SetupBuilder 7 as 'suspicious'
(W32/Malware!Gemini).

Of course, this is a "false-positive". When a legitimate file is
incorrectly detected as infected by an antivirus product, the anti-virus
system vendors call it a "false positive" or a "false alarm". But let's
call it what it is: it's nothing more than a NASTY BUG in their software and
they did a bad job.

https://analysis.f-secure.com/portal/login.html

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder is Windows 7 installation -- "point. click. ship"

-- Official Comodo Code Signing and SSL Certificate Partner

[NewsArchive]

> F-Secure detects applications compiled with SetupBuilder 7 as 'suspicious'
> (W32/Malware!Gemini).
>
> Of course, this is a "false-positive". When a legitimate file is
> incorrectly detected as infected by an antivirus product, the anti-virus
> system vendors call it a "false positive" or a "false alarm". But let's
> call it what it is: it's nothing more than a NASTY BUG in their software and
> they did a bad job.

Friedrich,

Isn't this a fairly new false positive? So, possibly on a definition update
recently, they introduced it?

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397

[NewsArchive]

Still detected as "Suspicious:W32/Malware!Gemini" in update 2010.08.27

VERY BAD JOB, F-Secure!

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder is Windows 7 installation -- "point. click. ship"

-- Official Comodo Code Signing and SSL Certificate Partner

[NewsArchive]

Hi David,

> Isn't this a fairly new false positive? So, possibly on a definition
> update recently, they introduced it?

I don't know exactly when they introduced it. But after quite a few reports
from SetupBuilder users it's still there. Other (good) protection software
companies fix such a bug within 2-10 hours. But F-Secure still flags
millions of SetupBuilder created installers/applications as a threat.

Friedrich

[NewsArchive]

What a drag.

Jeff Slarve

[NewsArchive]

BTW, should read Version "9.0.0.851"

Friedrich

[NewsArchive]

That's why I love "copy and paste" <g>. The real version is "9.0.15370.0".
Still flagged even after the latest definition update.

Friedrich

[NewsArchive]

>> Isn't this a fairly new false positive? So, possibly on a definition
>> update recently, they introduced it?
>
> I don't know exactly when they introduced it. But after quite a few reports
> from SetupBuilder users it's still there. Other (good) protection software
> companies fix such a bug within 2-10 hours. But F-Secure still flags
> millions of SetupBuilder created installers/applications as a threat.

Friedrich,

Definitely no reason for them to drag their feet when a Major Setup Tool
company reports the problem.

I'd suggest this (if you feel comfortable doing so) - some Clarion
developers don't read this newsgroup - might help to post this to some
other common newsgroups such as Clarion Third Party and comp.lang.clarion
and ask for all that will to floodgate F-Secure with complaints.

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397

[NewsArchive]

Hi David,

> Definitely no reason for them to drag their feet when a Major Setup Tool
> company reports the problem.
>
> I'd suggest this (if you feel comfortable doing so) - some Clarion
> developers don't read this newsgroup - might help to post this to some
> other common newsgroups such as Clarion Third Party and comp.lang.clarion
> and ask for all that will to floodgate F-Secure with complaints.

Yes, you are right. But I know that quite a few already sent their
installer to F-Secure (and even support messages) and it's still "flagged".

And the thread is mirrored here (already 2,000+ hits)
http://www.lindersoft.com/forums/showthread.php?t=27387

Perhaps the F-Secure guys are on vacation <g>

Friedrich

[NewsArchive]

> Hi David,
>
>> Definitely no reason for them to drag their feet when a Major Setup Tool
>> company reports the problem.
>>
>> I'd suggest this (if you feel comfortable doing so) - some Clarion
>> developers don't read this newsgroup - might help to post this to some
>> other common newsgroups such as Clarion Third Party and comp.lang.clarion
>> and ask for all that will to floodgate F-Secure with complaints.
>
> Yes, you are right. But I know that quite a few already sent their
> installer to F-Secure (and even support messages) and it's still "flagged".

Friedrich,

However, more complaints can only help in the overall situation. Get the
troops alarmed - AS many as possible - Clarion crowd gets very vocal over
issues - many use your product as you well know -

SOME are even better complainers than others - never know what finally
prompts a company to action!

I've done my part - email to corporate - sample under F-Secure Sample
Analysis System - product support complaint

>
> And the thread is mirrored here (already 2,000+ hits)
> http://www.lindersoft.com/forums/showthread.php?t=27387
>
> Perhaps the F-Secure guys are on vacation <g>

Vacation nightmare! :-(

Hope it's resolved soon FOR ALL of us!

BTW, I did have problems with F-Secure and Microsoft Outlook 2010 testing -
the problem was infrequent - finally disabled F-Secure Spam Add-in for
Outlook 2010 (however, I do not depend on Outlook 2010 heavily).

So obviously Big companies and Bigger companies have problems.

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397