  • McAfee flagging Powerbasic

    As of this morning, the version of McAfee that runs on a QNAP server I run started flagging PBWin.exe (SHA-256 hash DD26AF47C3973F67459A7C80826409C3A9AE59DACF1A5C177B0B9A094EAA8BF0) as being infected with "RDN/Generic.RP". Anyone else have an issue with McAfee? Webroot & Sophos don't have an issue with the file. I believe it's a false positive, but in the past I've found reporting false positives to McAfee to be problematic (i.e. they dig their heels in on known clean false positives). VirusTotal gives it a 3/66, with CrowdStrike Falcon, McAfee-GW-Edition & McAfee flagging it.
    Michael Burns

  • #2
    Michael,
    If that is the case then they should give your money back for the last 18 years.
    The new definitions must not like old 32 bit code. Oh, if only we had a 64 bit PBWin version.



    • #3
      Well, false positives happen all the time with lots of software. Just report it to McAfee, and I'm sure they will fix it with the next release. Did this with KAV a few weeks ago, when it reported a (compiled) sample of PB/Win as malicious (one of the COM samples, IIRC). Used KAV's reporting site (https://virusdesk.kaspersky.com/) to report it, got a personal answer within one business day, the flagging stopped.



      • #4
        It's pretty common for the junky end of AV scanners to have poor heuristic scanning, and when the authors don't properly understand the Microsoft Portable Executable specifications, they get lazy and flag false positives. The risk with this trash is that in trying to fool you with flashy results, they miss the serious ones that damage data or the OS installation.

        Each to their own, but my choice is MalwareBytes run only on demand. I recently cleaned out a laptop for a friend that had over 1100 problems, killed the lot on the first run and the second run found nothing.
        hutch at movsd dot com
        The MASM Forum

        www.masm32.com



        • #5
          Knuth Konrad

          Kaspersky was removed from the US GSA schedule as a vendor, usually this is for a VERY valid reason. You might want to look at another, non-nation state connected vendor.

          LOTS of cyber intelligence sites back up this move.
          George W. Bleck



          • #6
            Avast has recently been causing our software not to launch... It will not report a problem but just will not launch the software, and the window's rotating arrow keeps rotating forever. I tell our software users to either disable Avast or make the software an acceptable one, and then everything works fine.



            • #7
              The most effective approach I have found with lousy heuristic scanning is a subforum in the MASM forum called "AV Software sh*t list". The problems tend to magically go away.

              George, you may have to block AV software from the US as well, as there is a very good chance that it is compromised by the CIA, FBI, NSA, Pentagon, DoD, Ku Klux Klan, Black Power, the Democrat and Republican party conventions and all part of the US nation state.

              General drift is that the ban on Kaspersky was part of the Democrats' "let's be nasty to the Ruskies" campaign. Your greatest risk is the built-in "Telemetry" (spyware) built into the OS.
              hutch at movsd dot com
              The MASM Forum

              www.masm32.com



              • #8
                Steve, you might want to look up the various intels regarding this... I won't push the issue but suggest all take a REAL hard look at the MANY sources outside of the US Gov.

                And yes... we all need to worry about the telemetry too hence why I do quite a bit of firewalling in my house.
                George W. Bleck



                • #9
                  Originally posted by George Bleck:
                  Knuth Konrad

                  Kaspersky was removed from the US GSA schedule as a vendor, usually this is for a VERY valid reason. You might want to look at another, non-nation state connected vendor.

                  LOTS of cyber intelligence sites back up this move.
                  I know the reason and it's the BS. The tl;dr was:

                  - KAV got hold of sensitive information due to a specific KAV user's agreement to do so.
                  - U.S. intelligence went "Waha TEH RUSSIANZ! BANZ KAV!"

                  Turns out what happened was an independent contractor
                  - installed KAV on his private computer without paying attention to the options the installer offered (a single window asking about participating in KSN)
                  - took home classified material and put it on his private computer
                  - searched the web for a keygen for MS Office activation
                  - downloaded an infected keygen (well, color me surprised...) , used it on said computer
                  - KAV caught the malware and...
                  - ... as the contractor agreed to share potentially malicious samples with KAV (via KSN), the files got uploaded to KAV

                  Source:
                  - https://arstechnica.com/information-...aspersky-says/
                  - https://arstechnica.com/information-...lp-steal-them/

                  That said, the real question never got answered or even mentioned by the three-letter agencies: how the hell is an independent contractor allowed to take classified material out of the building and put it on his private computers?



                  • #10
                    Knuth. Now you know that no government or government related person is going to get into real long lasting trouble unless it involves monetary consideration.
                    p purvis



                    • #11
                      Not that easy to get a corporate user of a PBWin app to change their AV software! The biggest single issue I've experienced is where a site running our app on 1200+ workstations set Sophos up to scan EVERY file in EVERY folder on the server whenever ANY access took place. Of course the significant degradation in the performance of our app was OUR problem, and as their IT Security policy said that outside vendors should not dictate the internal security policies, we hit major issues.



                      • #12
                        Knuth Konrad I will quote a post I made almost a year ago:

                        The federal government over here is freaking out about Kaspersky and wants it banned and is even telling us citizens not to use it. The problem is they are too stupid to realize the Kaspersky AV software is not the issue (at least what I know at the time of this writing). The company who is working with the Russian government is the one started by Kaspersky's ex-wife. Entirely different company. Nothing hidden either, as her company is openly working with the government.

                        Avast bought Piriform (the maker of CCleaner) in July of 2017. In September 2017, it was found that CCleaner was responsible for one of the biggest acts of industrial espionage I can remember. The infected version of CCleaner was also found to have been on the Piriform servers since August of 2017, which is one month after the acquisition by Avast. I am willing to accept (perhaps naively) that nothing was intentionally done by Avast and this arose because of the normal ineptness they have demonstrated with their AV software for many years. I have no problem believing Avast is that incompetent.

                        What the federal government should be freaking out about and banning and telling us citizens not to use, is any software produced by Avast, and their holdings, like AVG, CCleaner, etc. Avast is the one who is ultimately responsible (by not securing their servers and their software and distributing the infected software for a month) for the industrial espionage which has the potential to have cost companies like Microsoft, Intel, Sony, Cisco, Dell, Samsung and countless others, billions of dollars in damage.

                        The only way for indie developers to legitimately combat the false positive issue is by educating our customers. And in the case of Avast, educate our customers why they should not even have AVG or Avast installed on their computers and the potential security liability they present.

                        These AV authors have literally made it almost impossible for an indie developer to exist. Something I have raved about for years, but it is getting increasingly worse over the years. Even if indie developers tell their customers the truth, that the program is fine and the AV company is wrong, the customers are still going to believe the multi-million dollar AV company and not run your software and bad mouth it for viruses.

                        As indie developers, we are expected to do the work of the lazy and incompetent AV authors and report false positives and hope and pray they safe list our program, which may or may not happen and may or may not require money changing hands. Self-proclaimed AV experts, have been running roughshod over indie authors for many years. The only ones who are not routinely dealing with false positives are the major software companies who do exchange some $$ with the AV authors.

                        I am amazed there have not been multiple class action suits against every AV author out there due to their continued false allegations that a program is or may be harmful when it is not.

                        Very hard to think about even trying to compete in today's software market...



                        Originally posted by Owen English:
                        Of course the significant degradation in the performance of our app was OUR problem and as their IT Security policy said that outside vendors should not dictate the internal security policies, we hit major issues.
                        Kinda ironic when you consider Windows has such a failed security model that it puts the burden of security on the end user, who in turn relies on third-party vendors to provide the security.
                        I am legally blind. Please forgive any typos. I do try and catch as many as I can.



                        • #13
                          Originally posted by Brice Manuel:
                          Kinda ironic when you consider Windows has such a failed security model that it puts the burden of security on the end user, who in turn relies on third-party vendors to provide the security.
                          Well, I'd say these war stories from the dark old days should finally be put to rest. MS has come a long way dealing with security issues. Windows Defender in Windows 10 is at least on par, sometimes even better than commercial AV software, according to various tests I've read in the last years. Yeah, it lacks some of the bells and whistles that other products offer. But I personally am becoming more and more annoyed with all the bloatware that comes bundled with each new version of KAV. And I am seriously considering dropping it. It still scores good to very good on actual virus detection, and that's my personal experience, too. My colleagues and I use it as a supplemental AV at our company, to verify alarms of our primary AV solution (Trend Micro OfficeScan). E.g. once TM reports a machine as infected and claims it has cleaned the threat, we do a second scan with KAV on that machine, and on a few occasions KAV revealed a malicious component that TM missed. So I have nothing to complain about its scan/detection capabilities.

                          But all that Parental Control, VPN, Secure Payment, Web Traffic Monitoring (installing a root certificate and injecting itself into every encrypted traffic, thereby defying the purpose of a trusted certificate chain), Activity Monitoring ... that's just too much.

                          And it has actually started to break stuff: if I don't stop its service (the "disable" option of it doesn't work), e.g. apt on Ubuntu Server (using WSL) doesn't work. It can't reach the official Ubuntu repository servers. This happened back in 2016, when WSL was first introduced ... OK, I'll give it to Kaspersky that they needed to figure out how to deal with that. But that it now happens again, two years later (worked in W10 1709, stopped working in 1803 and hasn't been fixed), is troubling.



                          • #14
                            I also run Malwarebytes (Premium version ) with Real-Time Protection.
                            Even if you don't use real-time protection, please see post #4 by Steve Hutchesson.
                            Real-Time protection catches items if you click on links to news stories on MSN and such.
                            Bottom line, don't click on those links on a production machine.

                            I get McAfee for free and it works well, but takes some configuration to exclude files that get created.
                            Even then, it caused me too much time when it decided to block a new executable.

                            Michael,
                            Did you try adding a manifest and version control block to your program to see if McAfee accepts it?
                            Packers like UPX may save a few bytes, but will cause this problem.
                            https://www.tesla.com/roadster
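The two concrete checks raised in this thread, comparing the file against the SHA-256 quoted in the AV/VirusTotal report (post #1) and looking for the UPX-style packing and missing manifest/version resources that post #14 names as false-positive triggers, can be done offline from the PE headers. The script below is an added example, not code from the thread, from PowerBASIC or from McAfee. It follows the Microsoft PE/COFF header layout; the packer section-name list, the hypothetical file name `pe_triage.py` and the minimal sample images built by `build_sample_pe` are assumptions made for the demonstration.

```python
"""Offline triage of a Windows PE that an AV engine has flagged.

Added example (not from the thread, PowerBASIC or any AV vendor): computes the
file's SHA-256 to compare with the hash quoted in an AV or VirusTotal report,
lists the PE section names, flags UPX-style packer sections, and reports
whether the image has a resource directory at all (where an embedded manifest
and VERSIONINFO block would live). Header offsets follow the PE/COFF spec.
"""
import hashlib
import struct
import sys
from typing import Dict, List, Optional

# Section names typical of UPX-packed images (assumption: small illustrative set).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX"}
IMAGE_DIRECTORY_ENTRY_RESOURCE = 2      # index into the optional header's data directories
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def sha256_hex(data: bytes) -> str:
    """Upper-case hex SHA-256, the form AV reports and VirusTotal quote."""
    return hashlib.sha256(data).hexdigest().upper()


def parse_pe(data: bytes) -> Dict[str, object]:
    """Parse just enough of the PE headers for triage; raises ValueError on junk."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                     # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start 96 bytes into a PE32 optional header, 112 into PE32+.
    if magic == PE32_MAGIC:
        dirs = opt + 96
    elif magic == PE32PLUS_MAGIC:
        dirs = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    res_rva, res_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_RESOURCE)
    sect_table = opt + opt_size
    names = []
    for i in range(nsections):      # IMAGE_SECTION_HEADER is 40 bytes; name is the first 8
        raw = struct.unpack_from("<8s", data, sect_table + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": machine, "pe32plus": magic == PE32PLUS_MAGIC,
            "sections": names, "resource_rva": res_rva, "resource_size": res_size}


def triage(data: bytes, reported_sha256: Optional[str] = None) -> Dict[str, object]:
    """Hash comparison plus the two header heuristics discussed in the thread."""
    info = parse_pe(data)
    findings: List[str] = []
    packer = [s for s in info["sections"] if s in PACKER_SECTION_NAMES]
    if packer:
        findings.append("packer-style sections present: " + ", ".join(packer))
    if info["resource_size"] == 0:
        findings.append("no resource directory: no embedded manifest or VERSIONINFO")
    digest = sha256_hex(data)
    matches = reported_sha256 is not None and digest == reported_sha256.strip().upper()
    return {**info, "sha256": digest, "hash_matches_report": matches, "findings": findings}


def build_sample_pe(section_names: List[str], with_resources: bool) -> bytes:
    """Constructed minimal PE32 image (headers only, not executable) for the demo."""
    e_lfanew, opt_size = 0x80, 224          # PE32 optional header incl. 16 data directories
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    directories = [(0, 0)] * 16
    if with_resources:
        directories[IMAGE_DIRECTORY_ENTRY_RESOURCE] = (0x3000, 0x400)   # assumed RVA/size
    opt = struct.pack("<H", PE32_MAGIC).ljust(96, b"\0")
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in directories)
    sections = b"".join(struct.pack("<8s", n.encode()).ljust(40, b"\0") for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    if len(sys.argv) > 1:                   # usage: python pe_triage.py PBWin.exe [SHA256]
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        result = triage(blob, sys.argv[2] if len(sys.argv) > 2 else None)
    else:                                   # no file given: run on a constructed packed image
        result = triage(build_sample_pe(["UPX0", "UPX1", ".rsrc"], with_resources=False))
    for key, value in result.items():
        print(f"{key}: {value}")
```

A present resource directory is only a cheap proxy: it says resources exist, not that an RT_MANIFEST or RT_VERSION entry is among them, so a full check would walk the resource tree. The hash comparison matters before any report is filed, since a mismatch means the engine flagged a different build than the one being discussed.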



                            • #15
                              Originally posted by Knuth Konrad:
                              Windows Defender in Windows 10 is at least on par, sometimes even better than commercial AV software
                              In the last year, Windows Defender has finally become a serious contender. Never use it myself, and only because I am not in a position to keep Windows 10 updated. 128K DSL connection. :c( So, I keep updates and all of the telemetry nonsense blocked.

                              I only have one system connected to the internet and I use Panda (which is very light on resources and rarely gets in my way), and I keep ClamWin AV installed, which I trust the most, but it is not real-time protection (although there is an addon for real-time, but it is too resource intensive).
                              I am legally blind. Please forgive any typos. I do try and catch as many as I can.



                              • #16
                                Hey Brice,
                                I'd like to send you an email. If you're receptive, would you send me an email at gbeene@airmail.net? I'll respond to that.



                                • #17
                                  Originally posted by Knuth Konrad:

                                  Well, I'd say these war stories from the dark old days should finally be put to a rest. MS has come a long way dealing with security issues...

                                  You can never put it to rest when MS keeps pulling sophomoric stunts like this new one below. Just when you start to give some legitimacy to MS and think they are finally getting on the right track, they do something that leaves you shaking your head in pity.

                                  “Open Sesame” Bug Allows Anyone to Hack Windows 10 Using Just Their Voice
                                  I am legally blind. Please forgive any typos. I do try and catch as many as I can.



                                  • #18
                                    Agreed, in theory that shouldn't happen. In practice however, over the last couple of years, every other major OS has had more vulnerabilities:

                                    https://www.cvedetails.com/top-50-pr....php?year=2017
                                    https://www.cybrnow.com/10-most-vulnerable-os-of-2017/



                                    • #19
                                      Luckily, the market share of competing OSes almost negates the security issues.

                                      There is no perfect OS. Windows 10 is dang stable and it is easy to block all the nonsense and make it function much the way Windows used to.

                                      I prefer Windows 7, but Windows 10 is definitely not as heavy. Which is a win-win for studio use.
                                      I am legally blind. Please forgive any typos. I do try and catch as many as I can.



                                      • #20
                                        Brice, what do you mean when you say that Win10 is not as heavy as Win7?
