
This forum thread needs a solution.
Kudos 1

trojan.gen.8 /false?

looks like every new file gets trojan.gen.8.
Norton is removing a lot of new .exe files from my pc this week
even new drivers from MSI my motherboard all flagged as gen 8
a game update gone gen.8
something is going very wrong over there with the trojan.gen.8 thing

5 in 1 week

Kudos 0

Re: trojan.gen.8 /false?

Urgent to solve this problem please .... 

Bored to have ams.exe, acs.exe and other safe executable files in quarantine.

They can easily be restored ( except if more than 1 file is to be restored in different folders )

This heuristic analysis for Trojan gen.8 has to be quickly settled, else Norton is replaced by another security tool in the next months on my PC.

I'm using Norton Internet Security for years, nearly since the beginning of my different PCs... but if this is not settled quickly, sure I'll never renew my Norton protection further

Never had problem with acs.exe until the latest update .... it happened yesterday with this executable file after many months in my hard drive.

If I don't see it ... I'll have for hours verifying files with Steam to get it back.

There must be a difference made between something like a Trojan and a real Trojan. !!!!!!!!!

NB: ams.exe is Automobilista ( Reiza Studios ) .... acs.exe is Assetto Corsa. ( Kunos Simulazioni )

I read that Reiza already contacted Symantec for this problem ... and nothing's changed.

Sorry to be rude ....but nowadays only this way of reacting is the only solution to have an answer and afterwards a move to solve such problems.

NB 2: meanwhile, my only solution is to disable the heuristic analysis. Surely less secure than another better correction by Symantec, isn't it ?

I preferred writing here in English but my native language is French. ;)

Kudos 0

Re: trojan.gen.8 /false?

I have the same issue, it just started. It seems that the only solution is to uninstall Norton to be able to WORK with the computer, since it is strongly blocking .exe files without letting me do anything else.

Kudos 0

Re: trojan.gen.8 /false?

Hello

Does this issue still happen with the new version which was just released on Tuesday night in a phased-in manner? The new version is version 22.9.0.68

Thanks.

Let me know please so I can follow up on this.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 3

Re: trojan.gen.8 /false?

Thanks for reporting this issue, @hamsterbryan, @Blanchy Jean-Pierre, @dr_cbr.

We are looking into this now.

As @floplot mentioned, 

Does this issue still happen with the new version which was just released on Tuesday night in a phased-in manner? The new version is version 22.9.0.68

Could you confirm your Norton product version number?

Mohanakrishnan G | Norton Forums Administrator | Symantec Corporation
Kudos 0

Re: trojan.gen.8 /false?

Trojan.Gen.8 false positive (standard situation for heur technology) was on 22.8 ver of Norton. https://community.norton.com/en/forums/norton-security-found-heuristic-t...

Kudos 0

Re: trojan.gen.8 /false?

I just started the PC, did have a big Norton update, restarted as asked and enabled the heuristic analysis again and checked manually the 3 exe which were mainly suspected .... and they were confirmed as safe.

Is it fully corrected ? .... we'll see in the next days ... as it mostly happened just after an update of those exe files.

But it also happened sometimes for older exe files which were considered as safe for a long time.

I'm leaving the heuristic analysis enabled ( Automatic mode ) .... and will see with the next update of those exe when they'll come and if they come of course.

I can't tell more immediately. 

Anyway, thanks for having a look at the problem and trying ( or succeeding maybe  ) to solve it. 

Kudos 0

Re: trojan.gen.8 /false?

still happens
reinstalled Norton fully updated it to 22.9.0.68

reinstalled my game that one was skipped this time

reinstalled msi drivers still gen.8 pops up

so yes it is also in the new build

Kudos 0

Re: trojan.gen.8 /false?

Hi all,

While we look into this issue, could you please submit a few files that were flagged in the below form?

https://submit.symantec.com/false_positive/

Please let me know the submission reference number.

Mohanakrishnan G | Norton Forums Administrator | Symantec Corporation
Kudos 0

Re: trojan.gen.8 /false?

I noticed this pop up for me yesterday but thought nothing of it. Today I tried to play Rocket League from Steam and it popped up again and the game wouldn't start. Same thing happened over and over again. Do I have to disable Norton because of this? Very annoying. Hope it's fixed soon.

Kudos 0

Re: trojan.gen.8 /false?

used this program
MSI Live Update 6
so i don't have download urls to the files sorry

Kudos 0

Re: trojan.gen.8 /false?

Hello

While you are playing Rocket League, do you put the game and Steam into User Specified Programs under Quiet Mode? Once you finish playing, then Norton will catch up.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 0

Re: trojan.gen.8 /false?

I had to turn off Norton and then change the .exe from Rocket League to trusted. It works fine now but it should never have been an issue to begin with. I don't pay yearly to have to mess about with files manually changing them.

Kudos 0

Re: trojan.gen.8 /false?

The main problem is:

When restoring the quarantined exe .... and of course enabling the "Exclude this file ID for the future analysis ...." ( +- as it's a translation of the French version text ) ... this will surely settle the problem for a while but ........

Most games ( as it seems the problem happens mostly with game softwares ) are constantly updated nowadays and if this update includes a new exe .... it looks like this new exe ( with the same name and maybe not the same ID ??? as I have not enough informatic knowledge ) is not excluded any longer for the analysis and the Trojan Gen8 is once again detected.

Now the question is also: why are those exe detected as a possible Trojan ? ...because they include  something like a "check version" or a "check version for update" or "check your PC specs" or something like that ?

Finding the reason why it happens is finally the main info needed for Symantec to solve the problem for good.

Kudos 0

Re: trojan.gen.8 /false?

Hello

Has anyone done what Mohan asked you to do? You get an email back almost immediately with a reference number?

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 0

Re: trojan.gen.8 /false?

as long as i don't know if it is real or not i am not going
to take them out of quarantine so i can send them in.

did a reinstall of things i never reinstall just to check the version number and if it still happens

i am not going to do that over and over again.
i have done my part by letting know these things happen

i am even happy to contact support and to let them take over and extract the files themselves.
i don't feel happy with messing with my pc by myself i am not an IT specialist or something

Kudos 0

Re: trojan.gen.8 /false?

Immediately if I have an update of the simulation games Automobilista, Rfactor2 or Assetto Corsa ( it happened only once with this last one ) .... I'll react to Mohan's request if the problem is still showing ....

But for the moment, those exe files were restored and excluded of the analysis .... so they appear clean when analysed.

Now it'll be difficult to know if the problem happens when downloading or installing ... as mostly from Steam now an update is downloaded partially, installed partially on disk .... sometimes a few time after one another if the files to download are rather big. 

I'm just sure for one: Fanaleds ( a tool to allow Logitech wheels leds to work for some simracing games ): .... but 2 different problems happened:

1) a few files ( present on PC since a few months ) were quarantined ... suddenly when working on PC ( or just after an absence from the PC ... with maybe a quick analysis done ). ....I had to delete the whole folder.

2) trying to download the latest version yesterday and once again just now .... I couldn't even choose the folder in which to download the file .... I immediately received this message and hereunder the details: ( Sorry it's French )

But it's not a Trojan this time but well just a heuristic analysis result ( same source as the Trojan Gen8 ... maybe this one would show if I might download the file .... and of course I can if disabling the heuristic analysis during the download .....)

Now not knowing if this is a real Trojan or not .... I'm not taking the risk ... but if is well a false detection, then why use an Anti-Virus software if it doesn't know if it is a virus or not ! 

Nom de fichier : 1877.tmp
Nom de la menace : Heur.AdvML.C
Chemin d’accès complet : c:\users\user\downloads\1877.tmp

Sur les ordinateurs au 
11/02/2017 à 11:44:50

Dernière utilisation 
11/02/2017 à 11:46:50

Elément de démarrage 
Non

Lancé 
Non

Type de menace : Virus heuristique. Détection d´une menace en fonction d´heuristiques de logiciels malveillants.


1877.tmp Nom de la menace : Heur.AdvML.C
Localiser


Peu d’utilisateurs
Des centaines d’utilisateurs de la communauté Norton ont utilisé ce fichier.

Ancien
Ce fichier a été publié il y a 2 mois .

Elevé
Ce fichier présente un risque élevé.


http://www.fanaleds.com/download/setupfanaleds_v24h.exe
Fichier téléchargé De fanaleds.com
Source : Média externe

1877.tmp

Actions de fichier

Fichier: c:\users\user\downloads\ 1877.tmp Supprimé

Empreinte numérique de fichier - SHA :
2d1db44864d6d09df0e789c161a46f64ba5eda844f4467d1b4412867ebce9ef0
Empreinte numérique de fichier - MD5 :
5abe48430af38229f8b8ca9268f7ccf6 


 

Kudos 0

Re: trojan.gen.8 /false?

I'm having problems with this false positive. It has just deleted an executable file from a game I play, which means I have had to uninstall the whole game and download it again. I'm concerned this is going to happen again (there seems to be no way to prevent it). I am wasting a lot of time with this. Can anyone please help?

Cheers,
Adam

Kudos 0

Re: trojan.gen.8 /false?

Hello Adam

If you scroll up, you will see that Mohan posted in this thread on 2/9/17. He is a Symantec Employee. They are working on the issue and he asked that the files be sent in to Symantec using the False Positive link which he gave.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 0

Re: trojan.gen.8 /false?

Thanks for your reply floplot. I really have an issue as I can now no longer download and install the game from Steam. After downloading 2.3GB (yes that takes some time on my connection), the game fails to launch with an error message ''content file locked''. I am at a loss how to resolve this - Norton seems to have done something which is now preventing the game downloading and installing properly. I have now wasted 4 hours trying to rectify this, and I can no longer play my favourite game on my PC. Until a week ago I had McAfee with no issues.

Cheers,
Adam

Kudos 0

Re: trojan.gen.8 /false?

I did what Mohan asked for 2 problems ( one of them is double for a reason I don't know ! ):

- Fanaleds ... as it's just a tmp download file ... I had to restore it to be able to upload it to submit the file ( Heuristic problem )

- Rfactor 2: as I already restored it once .... I could upload it to submit the file ( Trojan Gen.8 )

Curiously, in the details of this quarantine ... the exe of another game was included: ams.exe causing generally the same False Positive. ams.exe is Automobilista by Reiza based on an older Rfactor game. If needed I may later do a new submission for this one apart.

Now, how to submit the reference numbers ? ... here publicly or in a personal message to Mohan ? I'm saving the 2 received mails in the meantime.

NB: please note the button "close" after submission doesn't work with Chrome browser. 

EDIT: ( +- 35 minutes after receiving the confirmation mail of the submission ) 

For the Fanaleds, already received Symantec's answer: "the detection(s) for the following file(s) will be removed from our products:"

Kudos 0

Re: trojan.gen.8 /false?

Hello

False Positive responses usually come within 24 hours. You can post a FP reference number in the Forum. One of the Gurus would probably notice it and can get an answer. I know I can ask around if any of the Admins are around.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 0

Re: trojan.gen.8 /false?

Hello and thanks for your answer Floplot.

I just got an answer for the 2nd one "Rfactor2" .... of course safe will be whitelisted "soon". 

I'll do the same in the afternoon ( Belgian time of course ) for ams.exe ( the one which was restored 1 or 2 weeks ago ) in the same purpose.

Now an important question:

Is it the digital signature whitelisted as I suppose it is ?

In case of a new .exe file included in a game update ... ( more or less regularly ) ... what will happen ?

Do these modified .exe have the same digital signature or a new one ?

In the 2nd case .... the false positive detection might happen again. Am I right or wrong ?

So a whitelisting of a digital signature will not be enough, but only a much deeper solution is urgently necessary.

Kudos 0

Re: trojan.gen.8 /false?

I have had an issue with Yubikey Authenticator software generating a false positive for Trojan.gen.8

Since this software is used in conjunction with a physical security key I feel I should not restore and exclude this file. Yubico claims this is a false positive detection and I have submitted two files to Norton

False Positive submission (18051)     File name: yubioath-gui.ex    on  2/04/2017

False Positive submission (17054)      Direct link to installer file from Yubico website  on 2/11/2017

In both cases I received this response: Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products.

Norton however still detects the Authenticator file as a Trojan.gen.8 and removes it.

Please help.

Kudos 0

Re: trojan.gen.8 /false?

 Hello

Please submit it to www.virustotal.com and see what they say.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 0

Re: trojan.gen.8 /false?

Thank you ....  I submitted the file to VirusTotal  and got a 5/57 detection.  The five are as follows:

Endgame          malicious (moderate confidence)   20170208
Invincea         virus.win32.parite.b              20170203
Jiangmin         Trojan.Generic.albtf              20170211
NANO-Antivirus   Trojan.Win32.SpamEmail.ehqvma     20170210
Symantec         Trojan.Gen.8                      20170210

So, what does this mean ... a 9% chance that this is a malicious file?

Norton anti virus has  again removed this file from my computer. 

Kudos 0

Re: trojan.gen.8 /false?

Hello

It shows that Norton agrees with Virus Total that it is malicious.  You can try sending it to Symantec as a False Positive and see what they say when testing the file.

To report a false positive, please use this link

https://submit.symantec.com/false_positive/

Please see this KB

https://support.norton.com/sp/en/us/threat-removal-solutions/current/solutions/kb20100222230832EN_EndUserProfile_en_us

You can try Customer Support and see what they say about it.

www.norton.com/contactcs 

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 0

Re: trojan.gen.8 /false?

The antivirus result displays a green circle with a white tick mark, what does this mean?
VirusTotal makes use of the symbol to indicate that the given file was not detected in any way by the antivirus under consideration. We do not use the word "clean" or "innocuous" because antivirus solutions do not tell you whether a file is goodware, they just flag maliciousness. https://www.virustotal.com/en/faq/

Kudos 0

Re: trojan.gen.8 /false?

https://  www (dot) msi(dot)com/page / Live-Update-5-Manual

now i am getting the trojan.gen.8
on the update program from msi

all my pc drivers come from msi :(

again its a new exe less than a week old
why all new exe files get trojan.gen8 on them

Kudos 0

Re: trojan.gen.8 /false?

Hello
I get the same problem as you guys.
The Norton Anti-virus alarms me that I have a Trojan virus (Trojan.Gen.8)  and blocks it then my MSI Live Update 6 ask me for a live update.
The Norton Anti-virus also Blocks the .exe files from Windows\system32 locations. 
To handle this my Norton wants to restart the computer.
I guess this is a bug or just a glitch from Norton ?? Should I be worried or not? Is this a Trojan virus? From MSI I doubt it.

Best Regards.

Kudos 0

Re: trojan.gen.8 /false?

Hello

You can send in the files to Symantec so they can be further analyzed as a False Positive.

To report a false positive, please use this link

https://submit.symantec.com/false_positive/

Please see this KB

https://support.norton.com/sp/en/us/threat-removal-solutions/current/solutions/kb20100222230832EN_EndUserProfile_en_us

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 0

Re: trojan.gen.8 /false?

Hello

I've reported this thread to Norton Employee Mohan who has posted here a couple of times in this thread. I agree that this should not be happening to such a large company as MSI since they do deal with computer parts and computers. You are supposed to get your files from MSI if you have MSI products. Forget about getting them through Windows Updates.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 0

Re: trojan.gen.8 /false?

thank you floplot ;) i hope they will look into this now ;) as you say MSI is way too big to have this problem with Norton ;)

Kudos 0

Re: trojan.gen.8 /false?

Mohan_G:

Hi all,

While we look into this issue, could you please submit a few files that were flagged in the below form?

https://submit.symantec.com/false_positive/

Please let me know the submission reference number.

In relation to submission 19902.
In relation to submission 20133.

submission reference numbers here > https://community.norton.com/en/forums/autotrax-dex-electronics-cad-now-identified-trojan-threat

@Mohan_G

Kudos 0

Re: trojan.gen.8 /false?

Hi everyone,

Thank you for submitting the files.

The team is looking into it and I'll keep you posted.

Mohanakrishnan G | Norton Forums Administrator | Symantec Corporation
Kudos 0

Re: trojan.gen.8 /false?

The tracking number for your submission is: 20229

Name of the software being detected = Zemana Portable
Name of detection given by Symantec product = Trojan.Gen.8

Kudos 0

Re: trojan.gen.8 /false?

bjm_:

The tracking number for your submission is: 20229
Name of the software being detected = Zemana Portable
Name of detection given by Symantec product = Trojan.Gen.8

In relation to submission 20229.
Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:
File name: Zemana.exe

Sincerely,
Symantec Security Response

Kudos 0

Re: trojan.gen.8 /false?

Sorry to come again and once again with problems ... but more and better is to be quickly done for your heuristic analysis !!

I had today a big update Automobilista ( Reiza Studios ) with Steam .... the main exe ( ams.exe ) was detected as Trojan Gen 8 but worse than before ... in place to be put in the quarantine, it was purely and quickly deleted and no possible action to restore it.

I usually remain polite and gentleman ..... but I'm not sure of my further reactions.

From now on, I'm forced by your exaggerated false positive detections to disable the heuristic analysis ....

Please do something better to make a difference between a Trojan Gen 8 and something acting like it. 

Now I'm forced to check 1.9 GB with Steam to get this exe back !

I don't see why game editors or MSI or other ones surely to come ( Microsoft maybe ??? ) should be stupid enough to have Trojan in their softwares !!!

Impossible to send you now a report as I haven't this exe any longer on this PC.

I'll disable the heuristic analysis and get it back .... sure I'll send it to you as false positive ... but what's the importance of this if the problem begins again and again with next updates !

Kudos 0

Re: trojan.gen.8 /false?

File ams.exe back on PC after verifying game cache in Steam and restored because this time it was put in quarantine.

False Positive detection submission done.

The tracking number for your submission is: 20545

If false positive, I hope the next .exe update will not be a new same detection. 

NB: imprecise submission cause as it may be download or install or maybe also analysis afterwards.

Kudos 0

Re: trojan.gen.8 /false?

yes i am over 10 years a Norton user never had real problems. now its on so many exes from msi / steam games . at every update so this must be a problem on Norton's side . and i can't believe we need to send all those files from such a big companies to them every time they update something. so get your stuff together and fix your program ;) it is not that the false exes come from small unknown developers .

Kudos 0

Re: trojan.gen.8 /false?

Of course ... the ams.exe of Reiza Automobilista was a ... false positive.

Problem is .... what will happen with the next update ? .... I don't know !.... hoping it'll be perfectly whitelisted for the future, but I still have doubts for it.

Kudos 0

Re: trojan.gen.8 /false?

Hi everyone,

The team has investigated and verified the below submissions and the detections for the following files were removed from our products:

  • Submission 20133 File name: Dex-9.68.exe
  • Submission 17054 File name: yubioath-desktop-3.1.0-win.exe
  • Submission 18051 File name: yubioath-gui.exe

Mohanakrishnan G | Norton Forums Administrator | Symantec Corporation
Kudos 0

Re: trojan.gen.8 /false?

Hello

It looks like every one has to submit their files 1 by 1 to False-Positive to find out if it is safe to use their file and safe to download it.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 0

Re: trojan.gen.8 /false?

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action
3/8/2017 6:03:31 PM,High,teaming_genie_1.0.1.3.exe (Trojan.Gen.8) detected by Auto-Protect,Blocked,Resolved - No Action Required
3/8/2017 6:03:31 PM,High,sutility[2].exe (Trojan.Gen.8) detected by Auto-Protect,Blocked,Resolved - No Action Required
3/8/2017 6:03:30 PM,High,smart_tool_1.0.0.10.exe (Trojan.Gen.8) detected by Auto-Protect,Blocked,Resolved - No Action Required
3/8/2017 6:03:30 PM,High,sutility[1].exe (Trojan.Gen.8) detected by Auto-Protect,Blocked,Resolved - No Action Required
3/7/2017 6:33:03 PM,Low,setup.exe (PUA.InstallCore) detected by Auto-Protect,Blocked,Resolved - No Action Required


These files are in the MSI Control Center program that is associated with my computer's motherboard. My computer is virus-free as I have re-installed the original software package that came with it on CDs. I think this is a "False Positive."

Kudos 0
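One way to triage a Security History export like the one in the post above, as an added example that is not part of the original thread or of any Norton tooling: it parses the quoted lines and reports detections that share one name and land on several files within seconds of each other, which is the group to verify against the vendor's package and send as one false-positive submission. The function names, the five-second window, the three-file threshold and the prefix list are assumptions.

```python
import csv
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The export lines quoted in the post above, unchanged.
SAMPLE = """\
Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action
3/8/2017 6:03:31 PM,High,teaming_genie_1.0.1.3.exe (Trojan.Gen.8) detected by Auto-Protect,Blocked,Resolved - No Action Required
3/8/2017 6:03:31 PM,High,sutility[2].exe (Trojan.Gen.8) detected by Auto-Protect,Blocked,Resolved - No Action Required
3/8/2017 6:03:30 PM,High,smart_tool_1.0.0.10.exe (Trojan.Gen.8) detected by Auto-Protect,Blocked,Resolved - No Action Required
3/8/2017 6:03:30 PM,High,sutility[1].exe (Trojan.Gen.8) detected by Auto-Protect,Blocked,Resolved - No Action Required
3/7/2017 6:33:03 PM,Low,setup.exe (PUA.InstallCore) detected by Auto-Protect,Blocked,Resolved - No Action Required
"""

# Activity column layout: "<file> (<detection name>) detected by <component>"
ACTIVITY_RE = re.compile(
    r"^(?P<file>.+?) \((?P<threat>[^()]+)\) detected by (?P<component>.+)$"
)

# Assumption: only the two heuristic/generic name families seen in this thread.
GENERIC_PREFIXES = ("Trojan.Gen", "Heur.")


def is_generic(threat):
    """True when the detection name belongs to a generic/heuristic family."""
    return threat.startswith(GENERIC_PREFIXES)


def parse_history(text):
    """Turn the exported text into one record per detection row."""
    lines = text.splitlines()
    # Skip preamble such as "Category: ..." until the CSV header row.
    start = next(
        (i for i, line in enumerate(lines) if line.startswith("Date & Time,")),
        None,
    )
    if start is None:
        raise ValueError("no 'Date & Time' header row found")
    records = []
    for row in csv.DictReader(lines[start:]):
        match = ACTIVITY_RE.match(row["Activity"] or "")
        if not match:
            continue  # rows that are not detections are ignored
        records.append({
            "when": datetime.strptime(row["Date & Time"], "%m/%d/%Y %I:%M:%S %p"),
            "risk": row["Risk"],
            "file": match["file"],
            "threat": match["threat"],
            "component": match["component"],
            "status": row["Status"],
        })
    return records


def find_bursts(records, window=timedelta(seconds=5), min_files=3):
    """Group same-name detections whose timestamps chain within `window`."""
    by_threat = defaultdict(list)
    for rec in records:
        by_threat[rec["threat"]].append(rec)

    bursts = []

    def flush(threat, cluster):
        files = sorted({rec["file"] for rec in cluster})
        if len(files) >= min_files:
            bursts.append({
                "threat": threat,
                "generic": is_generic(threat),
                "first_seen": cluster[0]["when"],
                "files": files,
            })

    for threat, rows in by_threat.items():
        rows.sort(key=lambda rec: rec["when"])
        cluster = [rows[0]]
        for rec in rows[1:]:
            if rec["when"] - cluster[-1]["when"] <= window:
                cluster.append(rec)
            else:
                flush(threat, cluster)
                cluster = [rec]
        flush(threat, cluster)
    return bursts


if __name__ == "__main__":
    for burst in find_bursts(parse_history(SAMPLE)):
        kind = "generic/heuristic" if burst["generic"] else "specific"
        print(f"{burst['threat']} ({kind}) at {burst['first_seen']}:")
        for name in burst["files"]:
            print(f"  {name}")
```

A burst only says the files were flagged together under one name; whether they are clean is still decided by checking them against the vendor's original package and by the false-positive submission result.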

Re: trojan.gen.8 /false?

Hello dbelton2010

Please see my posts above for instructions on how to submit files for false positive analysis.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 0

Re: trojan.gen.8 /false?

Once again a .exe deleted from my PC and not put in quarantine. Impossible to restore it.

After getting it back with a Steam files check ( a chance I have a very good internet connection ), I checked this same file at Virustotal .... and even Symantec is OK ( green ).

So I don't know why it was suddenly deleted !

This is the last time I'm noticing such a problem... next time, Norton is out of my PC for life !!!

Reason why I'm not gonna submit anything. I have Norton to protect me .... not for bothering me. We are not your paying beta testers.

Sorry but if you cannot see a difference between a real Trojan Gen8 and a false detection ... stop analyzing that way.

Or take better informaticians.

I will not come back into this thread for a new comment ... and if it happens just once more, Norton is out and I will surely never advise people to use Norton in the future.

Symantec customer for Norton for so many years ... but sorry I'm fed up with these working ways.

Kudos 0

Re: trojan.gen.8 /false?

Reason why I'm not gonna submit anything. I have Norton to protect me .... not for bothering me. We are not your paying beta testers.

I understand your frustration, but if everyone felt that way, Norton would never know about new malware or new false positives.

Things happen. Export/Backup your Norton Password Manager data.
Kudos 0

Re: trojan.gen.8 /false?

The only solution to this problem is:

Find why an executive file of a software may be considered as Trojan Gen8 .... while in fact that's not one ! Maybe it acts or looks like one  ... but isn't.

I only suspect it's only for one reason: surely something in its content .... making a link with our Users Documents. But ... most games are that way. ( in my own case, only legal, paid and from known editors and moreover to buy through Steam ? Do you think Steam might sell softwares with Trojan inside ?? I don't think so  )

Second problem: why a heuristic problem may be found if the heuristic analysis is .... unactivated ... as I'm really fed up with so many false detections since this was introduced in Norton Internet Security

One day, will Norton discover a Windows file is a Trojan ? or maybe one of its own file is also one ?? ....

Third problem: why was this exe purely and simply deleted and not put in quarantine, as it is mostly the case ??

Fourth problem: why have a Security software if it even doesn't know what is the difference between a virus or a trojan and ... simply something looking like it but not a real one .... Do we have to decide on our own ?? .... then rather a free Security system ... than pay for something which is unable to know what to do ... even erase something because it's looking like ! ???

Mostly now, I let VirusTotal analyse the file and find only 5 Security systems are considering  this file is a Trojan Gen 8 or other name .... while so many other ones consider it ...safe.

Please quickly find a solution ... else Norton will lose many more customers than even before ! I'm someone cautious but this program might make me incautious due to such false positives.

NB: sorry to be harsh ... but I'm now aware that nowadays it's the only way to make people react and find solutions to a problem. More and more the customer is the tester for products which are not perfectly tested ! Big commercial error in my own opinion and maybe old fashioned way of analysing some modern and bad working ways.

NB2 my native language is French .... so sorry for some approximative sentences in this long comment.

Kudos 0

Re: trojan.gen.8 /false?

Back again,

Maybe you understand my frustration but surely and obviously .... I'll never renew my Norton Internet Security in the future if nobody at Symantec understands the recurrent problem of those false positives for the same exe

If each time a exe is modified with a new version ( and it may sometimes happen more than once a month ) and each time this exe is brought in quarantine, that we have to restore it and we must ask to declare it for the same known editor as false positive .... I really don't need such a stupid Anti-Virus system or unable informaticians to find a more intelligent system.

Bad politics, bad reasoning and bad action to do as ... we don't know how to make the difference between a real Trojan and a false one .... so... let's always declare it as Trojan Gen8.

What happens, what's the customer's reaction:... Norton is not reliable any longer.

Be sure that all who wrote in this thread are lost customers and surely many more who do not express themselves.

URGENT to find a solution.

https://www.virustotal.com/fr/file/eca17eb54428a1b677e6a1bca456f1ba7435b...

Are the 55 on 62  systems idiots to declare it negative instead of false positive ????

Kudos 0

Re: trojan.gen.8 /false?

Blanchy Jean-Pierre:

https://www.virustotal.com/fr/file/eca17eb54428a1b677e6a1bca456f1ba7435b...
Are the 55 on 62  systems idiots to declare it negative instead of false positive ????

 55 green circle with white tick indicates File not detected in any way.

VirusTotal makes use of the symbol to indicate that the given file was not detected in any way by the antivirus under consideration. We do not use the word "clean" or "innocuous" because antivirus solutions do not tell you whether a file is goodware, they just flag maliciousness.

VirusTotal antivirus solutions sometimes are not exactly the same as the public commercial versions. Very often, antivirus companies parametrize their engines specifically for VirusTotal (stronger heuristics, cloud interaction, inclusion of beta signatures, etc.). Therefore, sometimes the antivirus solution in VirusTotal will not behave exactly the same as the equivalent public commercial version of the given product.

https://www.virustotal.com/en/faq/ 

VirusTotal is not a substitute for any antivirus/security software installed in a PC, since it only scans individual files/URLs on demand. It does not offer permanent protection for users' systems either. At VirusTotal we think of our service as a second opinion regarding the maliciousness of your files/URLs.

Although the detection ratio achieved by the use of multiple antivirus engines/URL scanners is far superior than that offered by just one product, these results DO NOT guarantee the harmlessness of a file/URL. Moreover, the aggregate amount of false positives of multiple solutions is higher than that of any individual scanner.

Currently, there is no solution that offers 100% effectiveness in detecting viruses, malware and malicious URLs. You may become a victim of deceitful advertising, if you buy such a product under those premises.

At VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:  [....]

Very often antivirus solutions and URL scanners will produce false positives, i.e. detect as malicious innocuous files and URLs. [..]
VirusTotal simply acts as an information aggregator and cannot and will not be held responsible for these false positives. [..]

https://www.virustotal.com/en/about/ 

FWIW: some of the 62 engines in your example may use the same criteria against this sample (so, for example 7 red may be 1 red) YMMV.


no comment Re: trojan.gen.8 /false?

Kudos 0

Re: trojan.gen.8 /false?

The real problem of this kind of analysis is .... too many false positives and moreover repetitive ones for the same software editor  exe file which already was proven as ... false positive.

So how can we trust something saying it's a Trojan Gen8 ... if finally it is .... not !

What will happen if finally there should really be one at the 10th exe update ??? as we cannot trust the virus detection, after 2 or 3 times false positives, what is the user's manoeuvre .... restore automatically the detected exe .... 

I'm no hacker or virus maker ... but if I was one I'd know how to jeopardize Norton's users ! 

There's a well-known sentence in French saying

À force de crier au loup, évidemment, plus personne ne vient

Meaning: Crying wolf damages the credibility of the precautionary principle

That's precisely what happens here.

Surely totally free or stolen software exe contains real Trojan Gen8 ... but I doubt a serious software maker ( game or other ) might take the risk to publish such an executable ... making his reputation so bad that it might mean his own death.

I think Symantec should make exceptions for those legal software makers distributed by serious and earnest platforms rather than the actual ridiculous and finally dangerous way of working.

Maybe that's the difference between 6 or 7 softwares detecting Trojan Gen 8 or other names ... while all others don't detect them as they already noticed it was unuseful ... as the difference between a real Trojan and a false positive can't be found with precision.

This thread is closed from further comment. Please visit the forum to start a new thread.