anti-virus bug [Issue Report]

The bug/issue:

  1. What you did: installed YouTube downloader.
  2. What actually happened or you actually saw: anti-virus alert; I thought it was an FP, so I chose Ignore ONCE.
  3. What you expected to happen or see: when tried to rescan by right click it found nothing.
  4. How you tried to fix it & what happened: can't fix it.
  5. If it's an application compatibility problem, have you tried the application fixes here?: –
  6. Details & exact version of any application (except CIS) involved with download link: (http://youtubedownload.altervista.org/)
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: –
  8. Any other information (eg your guess regarding the cause, with reasons): The second bug I found in the anti-virus while installing the newest version of YouTube downloader. During the installation, an anti-virus pop-up showed up saying it detected malware in applicationupdater.exe. I thought maybe it's an FP so I chose to ignore ONCE; however, when I went to the app folder to rescan this app by right-click, it detected nothing. I took a look in the Defense+ “view active process list” and I found 2 files that are running since the installation of YTD: Searchsettings.exe and applicationupdater.exe, and in the “Verdict” column it says “Trusted/installer”. I chose to look up online (right-click) and they were both found as malware. CIS says “do u want to delete them?” I chose yes; however, they were only removed from the memory but not from the hard disk.

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug: –
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List: antivirusbug.
  3. A CIS config report or file. - attached
  4. Crash or freeze dump file: n/a

so we have 3 bugs here:

  1. Searchsettings.exe IS NOT found as a malware from the anti-virus DB.
  2. “Ignore ONCE” is not “once”, it’s permanent and it sets apps as Trusted so the anti-virus will not check it again.
  3. After the question “do u want to delete this file?” it removes it from the memory but not from the hard drive.

  1. CIS version= 5.5, AV database version= 9705 & configuration used= proactive:
  2. a) Have you updated (without uninstall) from CIS 3 or 4: No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have U tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Heuristics lvl manual scanner: High, cloud scanner enabled.
  5. Defense+, Sandbox, Firewall & AV security levels: D+=safemode , Sandbox=on , Firewall =safemode , AV = stateful
  6. OS version, service pack, number of bits, UAC setting, & account type: win 7 64 bit sp0. UAC =off account: admin.
  7. Other security and utility software installed: None.
  8. Virtual machine used (Please do NOT use Virtual box): None.

[attachment deleted by admin]

You Tube downloader is a typical case of digitally signed malware and can be reported in Report trusted and whitelisted malwares here! [Don’t attach Live Malware !!].

There is a problem where a right-click scan of applicationupdater.exe does not detect it as malware where it is in the AV database.

OK, so it explains why applicationupdater.exe is not detected by right-clicking… However, why is searchsettings.exe not detected as malware in the online scanner although it's malware in CIS’s lookup option?
And why, after the question “do u want to delete this file?”, does it remove it from the memory but not from the hard drive?

:o ???

yep, I can’t believe they did it…

reported, done.

That is something that needs to be fixed.

> However, why is searchsettings.exe not detected as malware in the online scanner although it's malware in CIS's lookup option?

It gets detected online when I do a look up from View Running Processes with v5.8 beta.

> And why, after the question "do u want to delete this file?", does it remove it from the memory but not from the hard drive?

That does not seem proper behaviour to me and worth the bug report.

Thanks. :-TU

Ohh… sorry, I meant the real-time scanner… True, it is detected by lookup but not by the AV.

What do u mean? If u mean that this is not the job of Defense+, so it should say “do u want to block it” rather than “delete” it…

I meant that you did the right thing reporting it as a bug.

:o in second reading I understood lol sorry…

Thank you for your Issue report.

Moved to verified.

Thank you

Dennis