FP on Nook root tool

CIS detected the Nook rooting tool as a virus, specifically, the zergRush portion of the tool.
See: [Blocks OTA's!] Full root for Nook Tablet. [11/20/11] [Permanent root!] | XDA Forums
Location: Nook&Zergy.zip|zergRush
CIS DB# 12658

What should happen is that CIS would optimally identify the program as a rooting tool within the context of its container, and then ask the user if they want to keep it. CIS currently does not provide the user with enough information to decide if the program is actually a “virus”, since it does not identify the program in the context of its container.

Suggest: CIS ID’s the file as a rooting tool, checks the context of the tool (is it contained within an archive or larger program for rooting a Nook?), and then notifies the user of program as found in context. This would give the user enough up-front information to decide if it’s a rogue or something they have on purpose, without having to jump through hoops before declaring the file to the excepted list.

Thanks for a good tool!

[attachment deleted by admin]


Thank you for reporting this.
We’ll check it and get back to you soon.

Best regards


There’s something wrong with the download address u told,
Pls attach the sample file.

Best regards

Hi sctech,

This is to inform you that the sample submitted by you was checked and found to be a potentially unsafe application, if you intent to use it further,you can add it to exclusion list.


Thank-you for attending to this request. What I understand from your response is that, in its current state, CIS will correctly identify the file as potentially unwanted, but is not yet in an advanced enough state of development to do more than that, i.e., CIS currently cannot

  • inform the user as to the type of threat, i.e., identify the file to the user as a rooting tool,
  • suggest an informational url about the file, or
  • provide any further information to the user

I find CIS a helpful tool, but I suggest, as in my original post, that CIS should at least identify the type of threat found, optimally providing users with an informational link. This would allow a user who has need of such a tool to quickly determine whether to add the file to the ignore list, and it would also provide all users with a method for gathering further information should they need help determining what to do.
Thanks. (edited to correct spacing)