False Positive Submission Results, ID:3fd43cfe-4915-4280-b48f-2da06a764305

Hi,

Requesting for a status update on the false positive submission that I made on the 15th. Submission ID: 3fd43cfe-4915-4280-b48f-2da06a764305.

https://submit.norton.com/?type=CHECK&submission_id=3fd43cfe-4915-4280-b48f-2da06a764305. This links keeps saying "Analyzing". Thank you for your help.

Sincerely,

Parmeet

 

Thank you, Zee for letting me know of the correct way to submit the file for review. I will keep that in mind. Appreciate all the support. Feel free to close this thread.

Regards,

Parmeet

Hi @ParmeetSinghGhai,

Thanks for confirming that issue is resolved. 

In response to your question, After the software update, I would suggest testing the application with Norton and If it's detected again then submitting the detected file for review. But make sure only submit the detected file, do not submit the whole folder which includes the file. I saw your submission last time and you submitted a .zip folder that contains the file. You should need to submit the .exe application file which was detected by Norton. 

So if its happened again after the software update then just submit the detected file for review. If it's FP then detection should be removed within 24-48 hours.

Feel free to reach out if you have any questions.

Thanks,

Zee

The file that I submitted is longer getting detected as a virus by norton. Thank you both @bjm_ and @zeeshan_ha for your awesome support on this matter. We can go ahead and close this thread if needed however I had one last question to ask before we do that.

Further software testing on my end revealed that there are some updates needed to be made to the software application which would involve adding and modifying a few lines of code here and there. When I do update my software application, would I have to re-submit the .EXE file and go through this process again or would norton detect that this is the same PSGDriveSync application as before but with few changes ?

The reason why I ask this is because software updates are an important part of a software's development life cycle so any suggestions on how to avoid future false detection are more than welcome.

My sincerest gratitude to @bjm_ and @zeeshan_ha,

Parmeet

 

Hi @ParmeetSinghGhai,

We can confirm that detection is removed from the file, Can you please check and confirm? Please make sure to run the live update first.

Thanks,

Zee 

~ my understanding is...the detected file has been resubmitted awaiting the results 

Thank you so much for getting back to me. I appreciate the help.

I did file insight on my application and its gives out "Bad" Rating

FileInsight.PNGI also made a video as well that shows norton detecting my program as a virus and then quarantining it. I have attached it as "Norton_Video.zip". Do you think that my norton application has been tampered with somehow ?

As far as the application is concerned. I am the developer of this application which is why I made this request to check and see why norton was detecting my application as a virus and how it can get white listed. After some research of my own, I came to find out that people using "ConfuserEX" to obfuscate their Dot Net Code like me end up with this problem. this program is located at: https://yck1509.github.io/ConfuserEx/ and https://github.com/yck1509/ConfuserEx.

I sure do want to resolve this problem as quickly as possible so please do let me know what files you need from me so I may help.

Thanks,

Parmeet

Note: after uploading PSGDriveSync.exe to VirusTotal

23 security vendors and no sandboxes flagged this file as malicious
dff9c252dc61c532a24e03cf5b984766d8dda7dc44b7e66a9312c8a2c8fa59b4
PSGDriveSync.exe

 

https://www.virustotal.com/gui/file/dff9c252dc61c532a24e03cf5b984766d8dda7dc44b7e66a9312c8a2c8fa59b4


Note: I'm not familiar with PSGDriveSync

We'll try to call attention to your submission:

FWIW ~ from your zip file containing PSGDriveSync.exe

Filename: PSGDriveSync.exe
Full Path: C:\Users\user\Desktop\PSGDriveSync_1\PSGDriveSync.exe

Identified 
3/23/2023 

Source File: 
PSGDriveSync.exe

File Thumbprint - SHA:
dff9c252dc61c532a24e03cf5b984766d8dda7dc44b7e66a9312c8a2c8fa59b4
File Thumbprint - MD5:
2b890cb3348a5e546e0a1afa95557351

Note: VirusTotal for dff9c252dc61c532a24e03cf5b984766d8dda7dc44b7e66a9312c8a2c8fa59b4 is No Matches Found


Note: PSGDriveSync.exe is Unsigned


Note: I'm not familiar with PSGDriveSync 

Norton Team,

Requesting for an update on this matter. Its been 8 Days now !! since the initial request (Submission ID: 3fd43cfe-4915-4280-b48f-2da06a764305) was opened. I have attached the following data to help you with your analysis:

1) dump of the following folder from my computer: C:\ProgramData\Norton. its contains the "QBackup" folder that contains all the quarantined files among many other things.

2) screenshots showing norton treating my program "PSGDriveSync.exe" as a Heur.AdvML.B virus.

3) submission details from the "History" section where norton shows all the detection history.

4) export of the entire "History" as "Recent History.mcf"

5) zip file "PSGDriveSync.zip" that contains the file "PSGDriveSync.exe" which norton detects as a Heur.AdvML.B virus.

Please help 

[Edit: Removed attachments.]