Comments on: Fenomen(al) False Positives

By: Pedro Bustamante

Pedro Bustamante — Tue, 02 Sep 2008 14:36:11 +0000

It seems that SwishMax2 is using multiple layers of run-time packing and/or a packer that is used by known malware.

We can add this to the exclusion list on the signature, but you might want to tell the SwishMax2 developers to not use malicious runtime packers. I see that other AV engines also detect this as malicious because of the same reason.

By: Pedro Bustamante

Pedro Bustamante — Mon, 01 Sep 2008 12:01:56 +0000

Nobody at Panda answered me since 1 year when I ask about SwishMax2, a very nice flash web designer program I can’t use anymore.
Why?
Simply! Panda IS 2008 always says me that it is Malicious Paker inside!
CRAZY!
In the while I’m losing money with my clients dued to Panda stupid interpretation of this paker…
No way to say Panda IS to avoid file analisys of this folder and/or file.exe of swishmax.
Look at various forums are talking of that!

By: Pedro Bustamante

Pedro Bustamante — Thu, 31 Jul 2008 07:47:34 +0000

Thanks for the heads-up Norberto. We’ll take a look at it and fix it.

By: Pedro Bustamante

Pedro Bustamante — Wed, 30 Jul 2008 06:11:06 +0000

Hi, My last Panda actualization deletes my Swish flash editor [www.swishzone.com] by a false positive error, same issue happened with Norton AV on May as you can see on Swish forums at http://forums.swishzone.com/index.php?showtopic=58210&hl= , fortunately it was solved inmediately by Symantec.

I wrote to local Panda support and Panda support staf tells me I need to contact program vendor (Prodigy -a internet provider-). So I called Prodigy support, and Ms Beatriz Contreras simply tells me “disable antivirus”. What kind of support is this?

I want to known if this problem will be solved soon or if I need to get a new antivirus software.

Thanks

By: Pedro Bustamante

Pedro Bustamante — Fri, 04 Jul 2008 10:56:09 +0000

Yes of course quding, FPs happen to every vendor. That’s why its extremely important to invest in resources to control these FPs on a daily basis, more so with more automation involved in adding signatures.

By: Pedro Bustamante

Pedro Bustamante — Mon, 30 Jun 2008 13:48:31 +0000

Hi, I’m using IS08, and very please with the performance. Regarding the FPs problems, i’m just setting in firewall. The smartest brain is human’s brain not computer’s brain.

By: Pedro Bustamante

Pedro Bustamante — Mon, 30 Jun 2008 12:43:50 +0000

And what’s more,”Fenomen(al)” is titled here,you constructed with a suffix “al”,does it mean to be an adjective word?
I mean,you predicated of yhe word that it is a class but not only a sigle one,didn’t it?
In other words,in conclusion,not only Panda but also other vendors’ automation will appear such type of FPs?

By: Pedro Bustamante

Pedro Bustamante — Thu, 26 Jun 2008 10:09:33 +0000

Yes quding there are other reasons that cause FPs other than automated systems. But I believe these FPs that are generated automatically can have a significant effect as the volume of FPs can grow very rapidly and affect users negatively unless more controls are added to these automated systems.

By: Pedro Bustamante

Pedro Bustamante — Mon, 23 Jun 2008 14:50:44 +0000

OK,I agreed with what you said.
It makes sense to an extent.
If it is possible,i wanna communicate with you further about this issue.

Traditionally,How many reasons can cause FPs happen?
Currently,Are there any new reasons?besides “automated” here?

By: Pedro Bustamante

Pedro Bustamante — Thu, 05 Jun 2008 17:29:27 +0000

FPs have traditionally happened for other reasons (too generic signatures, poor QA, etc.). What I suggest on this post is a more recent method by which FPs appear because of “automated” signature generation systems.