Перейти к содержимому


Фото
- - - - -

How to get a coherent response regarding a False positive

false positive support request

  • Please log in to reply
10 ответов в этой теме

#1 Sam Morin

Sam Morin

    Newbie

  • Posters
  • 7 Сообщений:

Отправлено 06 Февраль 2015 - 17:13

Hello.

I've been trying to report a false positive on the software developed by my company, but the only response I receive is that "This is not a false alarm". No additional information. Zero! I've sent multiple emails but nobody answered. Our software is clean and all I want from DrWeb is to receive a coherent and detailed response regarding what exactly it doesn't like.

Is there an email address where the live support team (not a bot) can answer my questions?



#2 sergeyko

sergeyko

    Guru

  • Dr.Web Staff
  • 3 925 Сообщений:

Отправлено 06 Февраль 2015 - 17:46

I suppose there is not much to add besided IT IS NOT A FALSE ALARM.

You say it's clean, Doctor Web thinks it's worth detecting. 

 

Is there an email address where the live support team (not a bot) can answer my questions?

Look it up on the website. 


Sergey Komarov
R&D www.drweb.com

#3 Sam Morin

Sam Morin

    Newbie

  • Posters
  • 7 Сообщений:

Отправлено 06 Февраль 2015 - 19:13

 

 

I suppose there is not much to add besided IT IS NOT A FALSE ALARM.

No, there is much to add, actually. I'd like to know what activity is considered malicious by our software according to DrWeb. DrWeb claims that the software is (or contains) a Downware. Does this mean that our software shouldn't be able to download any files? But that's the exact functionality of our software as it's a download manager. Other download managers do the same, so why does our is considered malicious?

 

 

 

Look it up on the website. 

I went through DrWeb site and didn't find a single email to contact the support. The only address for such cases is vms@drweb.com, but I've failed to receive any extensive answers from there.

 

 

Look, our software is legal and doesn't engage in malicious activity. We respect DrWeb and the work it does, but such claims harm our product and reputation. That's why I'd like to speak with somebody from DrWeb in order to learn what functionality, activity or features are considered illegal by DrWeb. We'll gladly cooperate with DrWeb if only it could explain what exactly is wrong.



#4 sergeyko

sergeyko

    Guru

  • Dr.Web Staff
  • 3 925 Сообщений:

Отправлено 06 Февраль 2015 - 23:19

Well...
Try to look through the upper bar on the main page for "support". If it does work, search with Ctrl-F. Once you've found it, click the link.
Sergey Komarov
R&D www.drweb.com

#5 Sam Morin

Sam Morin

    Newbie

  • Posters
  • 7 Сообщений:

Отправлено 09 Февраль 2015 - 19:27

So I've submitted a feedback/support request (https://support.drweb.com/support_wizard/) and didn't even get a confirmation that DrWeb received it.

I've sent software through the online form (https://vms.drweb.com/sendvirus/) and to the  vms@drweb.com while specifically mentioning in the comment that I'd like to receive a detailed response, but only got "This is not a false alarm".

 

Any other suggestions?



#6 Johnny Sokko

Johnny Sokko

    Newbie

  • Posters
  • 43 Сообщений:

Отправлено 10 Февраль 2015 - 12:02

No, there is much to add, actually. I'd like to know what activity is considered malicious by our software according to DrWeb. DrWeb claims that the software is (or contains) a Downware. Does this mean that our software shouldn't be able to download any files? But that's the exact functionality of our software as it's a download manager. Other download managers do the same, so why does our is considered malicious?

 

 

Downware is generally a PUP classification. A basic definition of a PUP (i.e., Potentially Unwanted Program) is software that is neither a virus nor a Trojan but is of such a nature that most users would want to be alerted to its presence, and in most cases, to have it removed from their computer. (Note: Some variants of downware are classified as adware or Trojans by some antivirus companies.) So, other than sharing the same root word (i.e., down), downware doesn't have anything specifically to do with download managers, although of course, a download manager could be a source of infection.

 

All sorts of different behaviors can cause a program to be flagged as downware. A few examples of such behaviors are as follows: program attempts to connect to a high-risk domain that may pose a security risk, program attempts to download an executable file from the web, program attempts to connect to a medium-risk domain that may pose a minor security risk, program enumerates many system files and directories, process attempts to call itself recursively, program adds or modifies Internet Explorer cookies, no digital signature is present. (Note: The preceding list of detection criteria was taken from McAfee.com. Other antivirus companies may have different or expanded criteria.)



#7 Sam Morin

Sam Morin

    Newbie

  • Posters
  • 7 Сообщений:

Отправлено 10 Февраль 2015 - 14:12

 

No, there is much to add, actually. I'd like to know what activity is considered malicious by our software according to DrWeb. DrWeb claims that the software is (or contains) a Downware. Does this mean that our software shouldn't be able to download any files? But that's the exact functionality of our software as it's a download manager. Other download managers do the same, so why does our is considered malicious?

 

 

Downware is generally a PUP classification. A basic definition of a PUP (i.e., Potentially Unwanted Program) is software that is neither a virus nor a Trojan but is of such a nature that most users would want to be alerted to its presence, and in most cases, to have it removed from their computer. (Note: Some variants of downware are classified as adware or Trojans by some antivirus companies.) So, other than sharing the same root word (i.e., down), downware doesn't have anything specifically to do with download managers, although of course, a download manager could be a source of infection.

 

All sorts of different behaviors can cause a program to be flagged as downware. A few examples of such behaviors are as follows: program attempts to connect to a high-risk domain that may pose a security risk, program attempts to download an executable file from the web, program attempts to connect to a medium-risk domain that may pose a minor security risk, program enumerates many system files and directories, process attempts to call itself recursively, program adds or modifies Internet Explorer cookies, no digital signature is present. (Note: The preceding list of detection criteria was taken from McAfee.com. Other antivirus companies may have different or expanded criteria.)

 

That's exactly the case. My software doesn't do anything from the above mentioned. This is the exact reason why I'd like to get an explanation from DrWeb.



#8 Sam Morin

Sam Morin

    Newbie

  • Posters
  • 7 Сообщений:

Отправлено 10 Февраль 2015 - 18:15

I've received the answer to the request sent via a feedback form.

 

Request (in short):

"Provide more info".

 

Answer:

"Your request has been analyzed. This is not a false alarm. The provided link directs to a website that we do not recommend for visiting. The corresponding record will not be deleted from Dr.Web databases."

 

Well, now at least there are more than six words. Still not a bit informative and totally ignores the spirit of my request. It's actually pretty convenient to claim that any software is full of malware without providing any proofs or details.



#9 fetch

fetch

    Member

  • Posters
  • 324 Сообщений:

Отправлено 11 Февраль 2015 - 00:45

What is the name of your "software"?



#10 Sam Morin

Sam Morin

    Newbie

  • Posters
  • 7 Сообщений:

Отправлено 11 Февраль 2015 - 16:19

Maxiget Download Manager



#11 sergeyko

sergeyko

    Guru

  • Dr.Web Staff
  • 3 925 Сообщений:

Отправлено 11 Февраль 2015 - 17:00

Sometimes I just love Google! 

http://www.im-infected.com/adware/uninstall-maxiget-software-manager-virus-removal.html

 

Sorry. Offtopic off. 


Sergey Komarov
R&D www.drweb.com



Also tagged with one or more of these keywords: false positive, support, request

Читают тему: 1

0 пользователей, 1 гостей, 0 скрытых