JV16 Powertools

cruelsister · February 18, 2011, 10:18pm

I’ve been using JV16 powertools for a few years. They have just come out with their 2011 version. Although the installation went well, when I tried to open the program I got a Defense+ alert stating that:

“jv16PT.exe tried to execute shellcode as a result of a possible buffer overflow attack”.

The webpage is here: http://www.macecraft.com/

Any ideas? The Macecraft board said to report it to you as a FP.

Valentinchen · February 18, 2011, 10:22pm

hey and warm welcome to comodo forums cruelsister!

add it here CIS —> Defense+ —> Defense+ Settings —> Execution control Settings —> Detect shellcode injections (i.e. Buffer overflow protection) —> Exclusions —> Add —> Browse…

Regards,
Valentin N

FangFang · February 18, 2011, 10:39pm

Hi cruelsister ,

We are going to have a look at it and will get back to you after investigation.

Thanks and Regards,
FangFang

jebuchanan · February 18, 2011, 11:14pm

MaceCraft states to exclude this program from any AV as it may report such an attack. Also excluding it will permit JV16 to function properly.
I use this software myself and it is a FP.

cruelsister · February 19, 2011, 12:03am

And I thought I would have to wait a day or so before a response! Thank you all.

FangFang · February 19, 2011, 3:46am

Hi,
The samples <jv16pt_setup_hb.exe> (SHA1: )
u submitted as false-positive is not detected by Comodo Internet Security version <5.3.176757.1236> with database version <7737>. Please make sure the Antivirus database is updated and check again.
Regards,
fangfang

jebuchanan · February 19, 2011, 4:39am

Mine also detected the shellcode execution FP during installation. AV is up-to-date.

Dennis2 · February 19, 2011, 8:21am

It is not a FP as this is nothing to do with the AV.

Possible buffer overflow alerts are from Defense+

oOeagleOo · February 19, 2011, 2:58pm

I can’t remember if i got it during installation, but i get it when i start the program.

http://www.macecraft.com/phpBB3/download/file.php?id=2640

meidan · February 19, 2011, 3:08pm

Hi Lasse88,

Please upload this file to us via Forum, or HERE.
Thanks.

Kind Regards,
Erik M.

oOeagleOo · February 19, 2011, 3:19pm

I have uploaded the file now.

Valentinchen · February 19, 2011, 6:59pm

In which way will sending the file help? this is a d+ alert and not AV alert

Thanks

Regards,
Valentin N

oOeagleOo · February 20, 2011, 2:27am

Hi, This is to inform you that false-positive with (SHA1: ) has been fixed. You can update to AV database Version <7741> of Comodo Internet Security Version<5.3.176757.1236> and confirm it.
Regards,
chenchunli
Comodo AntiVirus Lab
2011-2-20

Still buffer overflow.

languy99 · February 20, 2011, 3:11am

buffer overflow has nothing to do with the AV or D+. What is has to do is with the ■■■■■■ programming jv16 has done with their new version, they have to fix it. Comodo can’t do anything about it, the only thing you can do is add it to the buffer overflow exclusions.

oOeagleOo · February 20, 2011, 12:24pm

Well it’s them who are asking for it. 88) im just doing as they ask me to do.

Dennis2 · February 20, 2011, 12:32pm

I am sorry but were this Topic is they are expected to ask for the file.

If you have further problems with Buffer overflow please post here Defense+ / Sandbox Help - CIS.

Topic Locked if the OP wishes it to be unlocked please PM a online Moderator.

Thank you

Dennis