False positives with QT (5.9.3)

Hi,

I get new "Virus blocked" messages almost daily with F-Secure. They are always coming from my Qt folder. I downloaded Qt from the official qt website.

Today it is QMLLINT.EXE - F-Secure detected a virus named Application:W32/Generic.687143bc9d!Online

Funny, when checking with VirusTotal, F-Secure isn't listed as one of the scanners that detects something...

https://www.virustotal.com/de/file/a55a020a3d5c239a1ea33ebad41be8030cf3bc2cb6c68dfab4a69075ed071b16/analysis/1525335315/

Find more posts tagged with

Comments

WhoCares

Alright, I just submitted an archive (bin_qt.7z) with some of the files. Hope that suffices to develop a fix for these false positives in general.

Because all binaries from the qt folder would be tens of gigabytes.

Vad

Hello WhoCares,

Sure, please, pack your binaries in archive(s) with the size not more than 30Mb, and submit on our website.

Best regards,

Vad

WhoCares

"The workaround is to add this folder to file scanning exclusions."

Actually this doesn't seem to work for me. I still get "virus blocked" windows daily. When looking at the excluded elements I saw they were empty again. Perhaps this is something managed by our admin? I'm not sure.

I think it would be better to have a general fix for these false positives...

MJ-perComp

Sorry, but exclusions are NO solution to false positives!
they are only a temporary workaround.

Vad

Hello Tamas,

If I understand correctly from initial post "F-Secure detected a virus named...", the detections are done by AV, not DG.

By the way, it is possible to submit several problematic files together, in one archive. The file size limit is 30Mb.

Best regards,

Vad

etomcat

Hello,

> Funny, when checking with VirusTotal, F-Secure isn't listed as one of the scanners that detects something...

Actually, it does. On the third tab in Virustotal (Zusätzliche Informationen) you can see this detection: F-Secure Deepguard: Suspicious:W32/Malware!Online

This is likely a general logic problem in Deepguard technology and F-Secure should fix its product, instead of telling customers to create folder exclusion.

Best regards: Tamas Feher, Hungary.

Vad

Hello WhoCares,

The workaround is to add this folder to file scanning exclusions.

Best regards,

Vad

WhoCares

Thanks for the reply. I did it for one of the executeable and got following reply: "

Our analysis has found that this particular file that you submitted is not harmful. Our security products have been updated to identify it as clean."

Problem is that I still get messages daily for the other executeable in that folder. There are dozends of EXEs and DLLs in that folder.

Is there a solution where I don't need to report every single file?

Vad

Hello WhoCares,

Did you report false positives for this detections on our website? Does it help?

Best regards,

Vad