facebook

F-Secure detect Mobione.exe – FALSE NEGATIVE

  1. MobiOne Archive
  2.  > 
  3. Getting Help – General
Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #315502 Reply

    alfred
    Member

    I installed Mobione 1.1.1 on a win7 64 bit operating system with FSecure installed. FSecure detects mobione.exe to contain:
    Gen:Trojan.Heur.TP.8Z@bqqeshii
    On the info page I can read:
    ———————————————————————————————————————————–
    Trojan:W32/Generic
    Name : Trojan:W32/Generic
    Detection Names : trojan.generic
    gen:trojan, Trojan.crypt
    Category: Malware
    Type: Trojan
    Platform: W32
    Summary

    A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.
    Disinfection

    Allow F-Secure Anti-Virus to disinfect the relevant files.

    For more general information on disinfection, please see Removal Instructions.
    Additional Details

    Trojan:W32/Generic is a Generic Detection that identifies files with trojan-like characteristics or behavior.

    About Generic Detections

    Unlike more traditional detections (also known as signatures or single-file detections) a Generic Detection does not identify a unique or individual malicious program. Instead, a Generic Detection looks for broadly applicable code or behavior characteristics that indicate a file as potentially malicious, so that a single Generic Detection can efficiently identify dozens, or even hundreds of malware.

    For more information about Generic Detections, see the Other:W32/Generic description.
    ———————————————————————————————————————–

    What can I do to make it work?
    I tried to restore the quarantined exe file, but as soon as I try to execute it, FSecure put it back in to qurantine,
    disabling my FSecure is not something that I will even concider, can someone help me out?

    #315518 Reply

    support-michael
    Keymaster

    @alfred
    I apologize for the trouble that you are experiencing between MobiOne and your antivirus software. Let me assure you that FSecure’s claim that MobiOe is a virus is a false. We will be in contact with them immediately requesting a resolution since their scanning algorithm clearly need improvement.

    I’m not familiar with FSecure’s de-quarintine mechanism. Most A/V softwarew includes mechanisms to tell either whilte-list the mobione.exe or to Always Ignore mobione.exe in future scans. I am setting up a test env now to see what’s up with FSecure. I’ll report back here any findings.

    #315529 Reply

    support-michael
    Keymaster

    @alfred
    I confirmed your observation with FSecure 2011. Here is the workaround I just performed:

    1) Open F-Secure console

    2) Select Tasks tab

    3) Select Settings>Virus and Spyware scanning…
    a) disable “Turn on real-time scanning”
    b) OK

    4) From Tasks select “Restore a removed file or program”
    a) select mobione.exe and “Restore”
    b) OK

    5) Exclude MobiOne install dir from scanning; from Tasks select “Settings”
    – near the bottom select the link “Open excluded items list”
    See attachment fscan-1.png
    a) select Objects tab
    b) select Add…
    c) navigate to MobiOne installation directory and select it
    e.g., on XP c:\program files\MobiOne Studio
    e.g., on Vista/Win7: c:\users\<youraccount>\AppData\Local\MobiOne Studio
    d) OK
    See attachment fscan-2.png

    6) Select Settings>Virus and Spyware scanning…
    a) enable “Turn on real-time scanning”
    b) OK

    You should now be able to launch MobiOne without fsecure getting all pissy.

    Attachments:
    You must be logged in to view attached files.
    #315532 Reply

    alfred
    Member

    Thanks, it works!!
    I’ll start the test now, it seems very interesting, have a nice weekend!!

    #315626 Reply

    support-michael
    Keymaster

    We found that a recent update among antivirus systems caused some of them to falsely report that MobiOne is a virus. We made an minor update in MobiOne 1.1.2 (released 20110330) that improves A/V compatibility. We tested on over 20 different A/V scanners successfully.

    #315629 Reply

    alfred
    Member

    Thanks! I’ll try it out.

Viewing 6 posts - 1 through 6 (of 6 total)
Reply To: F-Secure detect Mobione.exe – FALSE NEGATIVE

You must be logged in to post in the forum log in