ClickTwice - Kaspersky positive

Add-in Express™ Support Service
 
Emmanuel SELLIER




Posts: 16
Joined: 2016-11-23
Hi,

I have a user who reported that his Kaspersky antivirus detected malware during the download of our add-on.
Kaspersky gave a warning and deleted the downloaded setup file because of a detected trojan: "PDM:Trojan.Win32.Generix"

I tested every file within the click-twice directory with the Kaspersky online scanner and VirusTotal, and I got only one "complaint" among the 61 antivirus scanners tested:
https://www.virustotal.com/fr/file/d02cceeac1a7f92e9286163afbef678b6f17e634c5c0f0e0d96ca35ce77afe3c/analysis/1490651758/

Any idea?

Thanks
Posted 27 Mar, 2017 17:21:29
Emmanuel SELLIER




Posts: 16
Joined: 2016-11-23
After testing it myself, I can confirm that Kaspersky alerts on a trojan in the exe generated by ClickTwice.
It doesn't seem to complain about the MSI.
Posted 28 Mar, 2017 03:09:55
Andrei Smolin


Add-in Express team


Posts: 14094
Joined: 2006-05-11
Hello Emmanuel,

Please zip that file and send it to the support email address. You can find it in {Add-in Express installation folder}\readme.txt. Please make sure your email contains a link to this topic.

What Add-in Express build number do you have installed on your development machine?

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 28 Mar, 2017 03:31:47
Andrei Smolin


Add-in Express team


Posts: 14094
Joined: 2006-05-11
Thank you Emmanuel,

Could you please specify the version of Kaspersky used on the customer's machine?

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 28 Mar, 2017 05:37:15
Andrei Smolin


Add-in Express team


Posts: 14094
Joined: 2006-05-11
I cannot reproduce the issue using Kaspersky resources available online. Does the user use an outdated Kaspersky version? Is the issue reproducible if the user updates the antivirus?

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 28 Mar, 2017 05:43:46
Emmanuel SELLIER




Posts: 16
Joined: 2016-11-23
It can be reproduced using the latest Kaspersky antivirus (trial license installed this morning).
Database updated.

User added an image
Posted 28 Mar, 2017 05:53:08
Andrei Smolin


Add-in Express team


Posts: 14094
Joined: 2006-05-11
Could you please check that file at https://scan.kaspersky.com/?utm_source=newvirus.kaspersky.com&utm_medium=referral&utm_campaign=newvirus_en?

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 28 Mar, 2017 06:02:34
Emmanuel SELLIER




Posts: 16
Joined: 2016-11-23
I already scanned it with the Kaspersky online scanner and VirusTotal.
Both declare the exe is safe.

Actually, the warning is raised at execution time, not at download time.
There is something during execution which seems irregular to Kaspersky.

I'm fond of the ClickTwice feature... It would be a shame if I couldn't use it because of that false positive.
We need to be sure users can be informed easily of new updates. Otherwise I will implement a home-made solution for that.
Posted 28 Mar, 2017 06:08:15
Andrei Smolin


Add-in Express team


Posts: 14094
Joined: 2006-05-11
Emmanuel,

I've sent the file to the Kaspersky team using https://newvirus.kaspersky.com/. If the file is okay, I expect they'll update their databases and your file will be marked okay. I suppose this may take a while.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 28 Mar, 2017 06:32:28
Emmanuel SELLIER




Posts: 16
Joined: 2016-11-23
Thank you very much Andrei.

I will, temporarily, fall back to the home-made solution.
We'll get back to ClickTwice when we get news from Kaspersky.

Thanks again
Posted 28 Mar, 2017 06:36:43