#1 2018-08-13 16:01:29

Giovanni
Member
Registered: 2018-08-13
Posts: 2

Fixed: Kaspersky AV reports actual GeneralSync_0.1.3.8b.exe as Malware

Fixed - 2018-08-13 22:58 CET:

The installer I sent to Kaspersky Labs was examined, and they told me they will fix it, because it's a false positive.

I got this mail from Kaspersky:

Subject:     RE: Anti-virus Lab replies to your request [VD3][FILE:2][LN:en] [KLAN-8547339108]
Date:     Mon, 13 Aug 2018 23:49:30 +0300
From:     newvirus@kaspersky.com
To:     xxxx mymailaddress xxxxx>


Hello,

Sorry, it was a false detection. It will be fixed.
Thank you for your help.

Sincerely yours,
Alexander Kolesnikov, Malware Analyst, Kaspersky Lab

39A/3 Leningradskoe Shosse, Moscow, 125212, Russia  Tel./Fax: + 7 (495) 797 8700  http://www.kaspersky.com https://securelist.com





Program is great, but Kaspersky Antivirus reports actual GeneralSync_0.1.3.8b.exe as malware: Trojan.Win32.Generic.

Actual Kaspersky Internet Security Antivirus Suite Ver. 18.0.0.405 (i) always deletes the Windows installer and the installed program files in my Windows profile folder.

To verify Kaspersky's behaviour, just upload the binary to scan it online at the Kaspersky website:

https://virusdesk.kaspersky.com/

(Stupidly, Kaspersky is not really capable of accepting given exclusions of my GeneralSync folders or files)

Uploaded to virustotal.com, two out of 67 AV providers claim the same.

If I find a workaround, I will post it.


... hours later, Workaround found:

In the excluded folders created by the popup file navigator, manually add a *.* at the end.
The directory then looks like: ..\AppData\Local\GeneralSync\*.*

and in the exclusion mask, leave the "Object" field blank.

Last edited by Giovanni (2018-08-13 21:04:02)

#2 2018-08-13 21:19:32

ds
Founder / Developer
From: Freiburg, Germany
Registered: 2016-06-15
Posts: 263

Re: Fixed: Kaspersky AV reports actual GeneralSync_0.1.3.8b.exe as Malware

Giovanni wrote:

Program is great, but Kaspersky Antivirus reports actual GeneralSync_0.1.3.8b.exe as malware: Trojan.Win32.Generic.

I received quite a few reports regarding Kaspersky, but sadly there doesn't seem to be a way to fix this issue (except switching to a different security tool with fewer false positives, such as Microsoft's Windows Defender / Security Essentials).

When I use their online checker, I get "File is safe" for both 0.1.3.8b and the current beta 0.2.0.0b, so I cannot report false-positives. It is possible that Kaspersky dislikes your personal licensing details embedded in the installer¹ (I cannot upload your personal data to Kaspersky, so I used generic replacement data), or that Kaspersky yields different results depending on something other than file content (file name, uploader language, etc.).

Note that some Kaspersky software products contain a firewall that drastically reduces the reliability of GeneralSync's synchronization and sometimes even prevents pairing, as its firewall occasionally kills the network connections used by GeneralSync. The only reliable workaround is to white-list the installed GeneralSync application in the firewall section.




Edit: Thanks for posting Kaspersky's response to your false-positive report!


___
¹) If you are a technical person, you can check if that is the case: copy the download link for the Windows installer and remove '.appendlicense' from the end. When visiting the changed link, the GeneralSync server will send you a version of the installer not containing any license information.

Last edited by ds (2018-08-13 21:24:49)

#3 2018-08-14 08:49:47

Giovanni
Member
Registered: 2018-08-13
Posts: 2

Re: Fixed: Kaspersky AV reports actual GeneralSync_0.1.3.8b.exe as Malware

Hi ds,

Thanks for your response.
I picked up your suggestion to scan the 2 different installer binaries again online at Kaspersky.
( https://virusdesk.kaspersky.com/ )

The Kaspersky guy kept his word and removed the malware alert for the files from the AV database.

Now both my licensed binary and the license-free binary are clean.

Here are the Kaspersky scan results with the file hashes:

File GeneralSync_0.1.3.8b.exe is safe. (my licensed file)
The file is safe to keep, use and send.

Scan result: File is safe
File size: 10.48 MB
File type: PE32/EXE
Scan date: Aug 14 2018 10:37:17
Databases release date: Aug 14 2018 08:35:23 UTC
MD5: 4aae8766461d2b425174eb11b71b51e3
SHA1: 0b9830464dd05e8c3b4fdd49807418f8dbfa3a42
SHA256: 90d70d45566b6f0ad699ce5f8f60d25a82117fd828d8d1d27e578926593e0b12

############################################################

File GeneralSync_0.1.3.8b-lizenzfrei.exe is safe.
The file is safe to keep, use and send.

Scan result: File is safe
File size: 10.48 MB
File type: PE32/EXE
Scan date: Aug 14 2018 10:38:27
Databases release date: Aug 14 2018 08:35:23 UTC
MD5: 887a66a31fd5f1a670f205152bb8928d
SHA1: 649bc334716fdf5d44d020fb1bcc479501731249
SHA256: 2e5a6737d3aaf348ace579dfb067341eee1dc57bc59675e2e16fd7049f0a25a6


Kind Regards
Giovanni
