Author Topic: False Positive - HyperSpin.exe  (Read 388 times)

Offline dark13

  • Newbie
  • *
  • Posts: 2
False Positive - HyperSpin.exe
« on: April 18, 2019, 10:46:36 PM »
Comodo firewall detects HyperSpin.exe as a known malware when it tries to access internet.

The behaviour of comodo firewall is not exactly wrong but HyperSpin.exe is not a malware at all.

I'll explain: HyperSpin.exe itself does not have any internet features, if the software tries to connects to internet is because of a loaded .swf's code running inside HyperSpin. A .swf can contain malicious code but it might try to use internet for legit reason. In my case I'm using a .swf that connects to OpenWeatherMap's API to get current weather (I wrote it myself, so I know it's ok lol).

Would it be possible to whitelist the application ONLY and ONLY when it tries to connects to known legit IP like weather's APIs, YouTube and so on?

Thanks in advance

Offline Ionel

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3534
Re: False Positive - HyperSpin.exe
« Reply #1 on: April 22, 2019, 02:43:50 AM »
Hi dark13,

Can you send us the detected file?

Thanks and regards,
Ionel

Offline dark13

  • Newbie
  • *
  • Posts: 2
Re: False Positive - HyperSpin.exe
« Reply #2 on: April 24, 2019, 08:44:11 AM »
It seems I can't attach the file here, here's a dropbox link with HyperSpin.exe https://www.dropbox.com/s/o67m9xwlsi8sxok/HyperSpin.zip?dl=0 , thank you

Offline Vlad.Pe

  • Malware Research Group
  • Newbie
  • *****
  • Posts: 14
Re: False Positive - HyperSpin.exe
« Reply #3 on: April 24, 2019, 09:43:29 AM »
Hi dark13,

Thank you for submitting the file, we'll check it.

Best regards,
VladPe

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek