
False positives with QT (5.9.3)

WhoCares
WhoCares Posts: 4 Security Scout

Hi,

 

I get new "Virus blocked" messages almost daily with F-Secure. They are always coming from my Qt folder. I downloaded Qt from the official Qt website.

 

Today it is QMLLINT.EXE - F-Secure detected a virus named Application:W32/Generic.687143bc9d!Online

 

Funny, when checking with VirusTotal, F-Secure isn't listed as one of the scanners that detects something...

 

https://www.virustotal.com/de/file/a55a020a3d5c239a1ea33ebad41be8030cf3bc2cb6c68dfab4a69075ed071b16/analysis/1525335315/

 

 

Comments

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello WhoCares,

     

    Did you report false positives for these detections on our website? Does it help?

     

    Best regards,

    Vad

  • WhoCares
    WhoCares Posts: 4 Security Scout

    Thanks for the reply. I did it for one of the executables and got the following reply:

    "Our analysis has found that this particular file that you submitted is not harmful. Our security products have been updated to identify it as clean."

     

    Problem is that I still get messages daily for the other executables in that folder. There are dozens of EXEs and DLLs in that folder.

     

    Is there a solution where I don't need to report every single file?

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello WhoCares,

     

    The workaround is to add this folder to file scanning exclusions.

     

    Best regards,

    Vad

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    > Funny, when checking with VirusTotal, F-Secure isn't listed as one of the scanners that detects something...

     

    Actually, it does. On the third tab in Virustotal (Zusätzliche Informationen) you can see this detection: F-Secure Deepguard: Suspicious:W32/Malware!Online

     

    This is likely a general logic problem in Deepguard technology and F-Secure should fix its product, instead of telling customers to create a folder exclusion.

     

    Best regards: Tamas Feher, Hungary.

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello Tamas,

     

    If I understand correctly from the initial post "F-Secure detected a virus named...", the detections are done by AV, not DG.

    By the way, it is possible to submit several problematic files together, in one archive. The file size limit is 30Mb.

     

    Best regards,

    Vad

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master
    Sorry, but exclusions are NO solution to false positives!
    They are only a temporary workaround.
  • WhoCares
    WhoCares Posts: 4 Security Scout

    "The workaround is to add this folder to file scanning exclusions."

     

    Actually this doesn't seem to work for me. I still get "virus blocked" windows daily. When looking at the excluded elements I saw they were empty again. Perhaps this is something managed by our admin? I'm not sure.

     

    I think it would be better to have a general fix for these false positives...

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello WhoCares,

     

    Sure, please pack your binaries in archive(s) with a size of not more than 30Mb, and submit them on our website.

     

    Best regards,

    Vad

  • WhoCares
    WhoCares Posts: 4 Security Scout

    Alright, I just submitted an archive (bin_qt.7z) with some of the files. Hope that suffices to develop a fix for these false positives in general. 

     

    Because all binaries from the qt folder would be tens of gigabytes.
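
The batching step suggested in this thread (several files per archive, each archive under the 30Mb limit), as an added example that is not from any poster or from F-Secure. It assumes the limit means 30 MiB and writes `.zip` rather than `.7z`; `plan_batches`, `build_archives`, the `fp_batch_NN.zip` names and `manifest.txt` are hypothetical. The SHA-256 manifest lets each reply from the vendor be matched back to a specific file.

```python
import hashlib
import zipfile
from pathlib import Path

LIMIT = 30 * 1024 * 1024      # assumption: the forum's "30Mb" read as 30 MiB
EXTS = {".exe", ".dll"}       # the file types the thread reports as flagged


def padded(n):
    """Heuristic allowance for zip headers and worst-case deflate growth."""
    return n + n // 1000 + 512


def plan_batches(sizes, limit=LIMIT):
    """First-fit decreasing over (name, size) pairs; each batch total <= limit."""
    batches, oversized = [], []
    for name, size in sorted(sizes, key=lambda p: (-p[1], p[0])):
        if size > limit:
            oversized.append(name)    # cannot fit in any single archive
            continue
        for batch in batches:
            if batch["total"] + size <= limit:
                batch["files"].append(name)
                batch["total"] += size
                break
        else:
            batches.append({"files": [name], "total": size})
    return batches, oversized


def build_archives(folder, out_dir, limit=LIMIT):
    """Write fp_batch_NN.zip plus a SHA-256 manifest; return (archives, oversized)."""
    folder, out_dir = Path(folder), Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    files = [p for p in folder.rglob("*") if p.is_file() and p.suffix.lower() in EXTS]
    sizes = [(p.relative_to(folder).as_posix(), padded(p.stat().st_size)) for p in files]
    batches, oversized = plan_batches(sizes, limit)
    archives = []
    with open(out_dir / "manifest.txt", "w") as manifest:
        for i, batch in enumerate(batches, 1):
            zpath = out_dir / f"fp_batch_{i:02d}.zip"
            with zipfile.ZipFile(zpath, "w", zipfile.ZIP_DEFLATED) as z:
                for rel in batch["files"]:
                    z.write(folder / rel, rel)
                    digest = hashlib.sha256((folder / rel).read_bytes()).hexdigest()
                    manifest.write(f"{digest}  {zpath.name}  {rel}\n")
            archives.append(zpath)
    return archives, oversized
```

Files listed in `oversized` exceed the limit on their own and need to be handled separately.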

This discussion has been closed.
