Kudos0

Competitor's product detects NPE as malicious

Hello,

I recently downloaded Norton Power Eraser and, for good measure, uploaded it to VirusTotal.
It turns out that the "VIPRE" antivirus engine detects NPE.exe as "NooleySystemsRogue.SpyWareNo (fs)."
Can you please look into this?

Thanks.

Replies

Kudos0

Re: Competitor's product detects NPE as malicious

VirusTotal uses the command-line scanner versions of the products that support VirusTotal. Solutions included in VirusTotal are configured according to the parameters requested by the vendor, with a more aggressive level of heuristic detection than the official end-user default configuration.  Commercial products have false-positive suppression mechanisms which are not present in the VirusTotal command-line engine. 

The engine format and configuration in VirusTotal is different than the consumer and corporate products’ default configuration. VirusTotal uses a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product.

Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:

  • VirusTotal's antivirus engines are command line versions, so depending on the product, they will not behave exactly the same as the desktop versions: for instance, desktop solutions may use techniques based on behavioral analysis and count with personal firewalls that may decrease entry points and mitigate propagation, etc.
  • In VirusTotal desktop-oriented solutions coexist with perimeter-oriented solutions; heuristics in this latter group may be more aggressive and paranoid, since the impact of false positives is less visible in the perimeter. It is simply not fair to compare both groups.
  • Some of the solutions included in VirusTotal are parametrized (in coherence with the developer company's desire) with a different heuristic/aggressiveness level than the official end-user default configuration.

https://support.virustotal.com/hc/en-us/articles/115002094589-Why-do-not-you-include-statistics-comparing-antivirus-performance- 


VirusTotal is not responsible for false positives generated by any of the resources it uses, false positive issues should be addressed directly with the company or individual behind the product under consideration.

Please find the company on our contributors page and reach out to them. 

https://support.virustotal.com/hc/en-us/articles/115002122305-VirusTotal-is-detecting-a-legitimate-software-I-have-developed-what-can-I-do-

Norton Power Eraser is not detected by Norton Security consumer products. 

VirusTotal does not scan files or URLs. VirusTotal receives results from different AV vendors. If NPE is listed as malware in VT results it's because the AV vendor hasn't sent VT updated results. Once they send VT updated results, the information is automatically updated in VirusTotal.

If after some days NPE is still flagged, please contact the AV vendor and let them know that they have to send updated results to VirusTotal.  https://www.vipre.com/

Kudos0

Re: Competitor's product detects NPE as malicious

Vipre has already been contacted.  Let's see what happens.