hi, thanks for reading this.
i have tried hard to found a solution for the following problem.
i use a backup program called secondcopy.exe
i do not want cis to scan for viruses when secondcopy.exe is running.
under the ‘antivirus behavior settings, exclusions’.
i click ‘add’ then click ‘browse running processes’, then i select ‘secondcopy.exe’.
yet when i run secondcopy, cis stills displays pop-up dialog box asking for me to ‘clean or ignore’.
thanks in advance,
you can add the files the the trusted files under defense +
hi, thanks for the quick reply.
i have already tried that, it does not solve the problem.
i keep getting anti-virus pop-ups
thanks much.
weird that should work. Does the file change each time you run it?
Can you upload the file to virustotal and post the link here
i have used the program for over 10 years. it does not self-modify itself.
i am going crazy.
i am copying from files from one computer to another computer.
both computers have cis and both machines display the pop-ups, that is weird…
your best bet would be to submit the false positive so it gets fixed
How to report false positives
hi, thanks again for the taking the time to help me.
i do not think the problem is a false postive.
using a file manager program called total commander, i have the extact same issue.
the total commander was added to the virus exclusions and as a trusted program in defense+.
any ideas?
thanks
can you post a screenshot of the popup you are seeing
i am running the following setup.
i have my two laptops connect with a crossover network cable.
my ‘old’ laptop is running windwows 7 ulitmate.
my ‘new’ laptop is running windows 7 professional.
i have tried to use the following programs on both computers for testing.
total commander, secondcopy, windows explorer and teracopy and cmd.exe command prompt
i have attached the alert for both computers.
i am running cis in ‘paranoid’ mode on both computers.
thanks
[attachment deleted by admin]
please upload both files to virustotal and post the links here
this cannot be a false postive.
two different computers,
two different versions of cis.
many differrent program used for copying that will trigger the message.
there are dozens of comptuers files that will trigger the alert message.
any other suggestions?
thanks
if you dont think its a false positive do you think its a threat? this is why i have asked you twice already to upload to virustotal this will tell us if its a threat or false positive. Will you please do what i requested
A false positive is when security software mistakenly flags something as malicious.
HeffeD, thanks for the reply.
i do know what a false positive is.
that is why i do believe that my issue is not that.
if it were a false postive, that what files should i upload?
this happens on two computers, with two different versions of cis.
many programs i use for file copying all behave the same way.
many data files are causing the pop-up message.
so it seems to me that it cannot be a false positive.
perhaps there is some setting causing the pop-up.
thanks
i have figured out the issue.
the alert message come from the ‘heuristics scanning level’
if i set the level to off, the the alerts for unclassified malware do not appear.
thanks to all for the help.
for what it is worth, i have been reading topics in the forums.
it seems many people suggest that the solution to many problems are false positve, to upload the file.
but it was clear given my situation, false positive was not an issue…
If you were getting a detection from a safe application, then that indeed is a false positive…
Please note that by disabling heuristics, you have nullified the AV’s ability to detect zero day malware.
thanks, i do not know what is a ‘safe’ application is.
my cis, i disable creating rules for safe applications.
thanks for the advise about zero day malware, perhaps i should turn on the heuristics again…
By safe application, I mean an application that is not malicious. In other words, an application that is safe to run on your computer.
If a safe application generates a malware alert, this is what is known as a false positive. This is why wasgij6 asked you to report it.