Total Security Installer Flagged As Malware

BalticSulfuricMollusk
BalticSulfuricMollusk Defender of the month ✭✭
edited March 29 in Security Research Team

As in the title - I have downloaded from my Central account the Windows installer for Total Security and this is being picked up as malware on VirusTotal and Hybrid Analysis.

Trojan.Generic.Win32.1697845 is noted by Zillya via VirusTotal and Trojan.Win32.Malicious.4!e by AegisLab via Hybrid Analysis, where Filseclab also notes it as unsafe but with no reason given.

Is the installer safe to use?

EDIT: I have managed to post this twice in different categories so this may need merging

Comments

  • Scott
    Scott Defender of the month ✭✭✭✭✭
    edited March 29

    Hi @BalticSulfuricMollusk

    I just downloaded the installer and confirmed only 1 VirusTotal scanning engine flagged it. I consider it a FP on their (Zillya's) end, as I also scanned the installer from my flash drive. You should be safe to run the installer.

    If you wanted further confirmation, @Alexandru_BD or @Flexx could also verify it on their end, too.

    Kind regards,

    Scott

    P.S. I deleted your other thread.

  • Flexx
    Flexx Defender of the month mod
    edited March 30

    The file detected by vendors on VirusTotal is indeed a false positive. Additionally, the file has been shared with Zillya! Antivirus to get the detection removed from their database.

    Regards

    OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)

  • BalticSulfuricMollusk
    BalticSulfuricMollusk Defender of the month ✭✭
    edited March 30

    What about the flags from Hybrid Analysis? This also appears as a potential threat via MetaDefender on AegisLab and Filseclab when scanning the file.

    @Flexx @Alexandru_BD

  • Scott
    Scott Defender of the month ✭✭✭✭✭

    Since you downloaded it from your Central account, and not from another download website, I would consider their findings to be FPs as well.

    If you wanted to, send the file to the malware research experts who will confirm its validity to help give you peace of mind.


    Kind regards,

    Scott

  • Scott
    Scott Defender of the month ✭✭✭✭✭
    edited March 30

    Also to consider, Bitdefender is downloaded 1,000s? of times a day, especially by members using the Family Pack plan, and we have yet to hear of an issue regarding the installer being corrupt or causing issues.

  • BalticSulfuricMollusk
    BalticSulfuricMollusk Defender of the month ✭✭

    I agree with the points made regarding source and number of downloads but it is still concerning when something such as the installer is flagged as potentially malicious.

  • Scott
    Scott Defender of the month ✭✭✭✭✭

    That's fine. I figure you have two choices:

    1) don't use the installer, and forgo installing Bitdefender.

    2) wait for another week, redownload the installer, and try submitting it again to the other sites, and see if they still flag it, or it's cleared as a FP on their end.


    Regards

  • BalticSulfuricMollusk
    BalticSulfuricMollusk Defender of the month ✭✭

    Indeed I agree with the available options. I did however want to raise the matter, and thankfully it has been raised with Zillya as a FP.

  • Scott
    Scott Defender of the month ✭✭✭✭✭
    edited March 31

    @BalticSulfuricMollusk

    I put this in the "for what it's worth" category (it being newer); as you seem to keep up with PC and file security protocols, I thought you may be interested.

    As of now, it only scans PDFs and Office files.


    Kind regards,

    Scott

  • Flexx
    Flexx Defender of the month mod


  • BalticSulfuricMollusk
    BalticSulfuricMollusk Defender of the month ✭✭
    edited April 3

    @Flexx thanks for confirming.

    Is it worth flagging a false positive for the detections by MetaDefender via Hybrid-Analysis?

    AegisLab - Trojan.Win32.Malicious.4!e

    Filseclab - no detection type given just notes suspicious.

    It is worth noting the data for those reports is from mid-February (can't post links yet though).

  • Flexx
    Flexx Defender of the month mod


  • BalticSulfuricMollusk
    BalticSulfuricMollusk Defender of the month ✭✭

    Sorry for the late response - I have just tried to post the link here and in a PM, but it won't allow me to post the actual links.

    Running the installer through Hybrid-Analysis using Windows 10 flags it under MetaDefender, and running the file directly through the OPSWAT MetaDefender scanner yields the same results.

  • BalticSulfuricMollusk
    BalticSulfuricMollusk Defender of the month ✭✭

    The forum will not allow me to post links yet here or in PMs - how can I share this detail please?

  • Flexx
    Flexx Defender of the month mod

    I have replied to your query via PM and promoted you to level 2, and you should now be able to post malware result links from MetaDefender or VirusTotal.

    Regards


  • BalticSulfuricMollusk
    BalticSulfuricMollusk Defender of the month ✭✭

    Still getting the message "You have to be around for a little while longer before you can post links." unfortunately.

  • Flexx
    Flexx Defender of the month mod

    I would request you to kindly wait for the admins @Alexandru_BD, @Mike_BD to have a look into this for you. Until then you can copy and share the hash of the file here.

    Regards


  • Flexx
    Flexx Defender of the month mod

    The Bitdefender Total Security setup file has been shared with the vendors that are flagging it as malicious in order to get it removed from their databases. The detection is basically a false positive.

    Regards


  • BalticSulfuricMollusk
    BalticSulfuricMollusk Defender of the month ✭✭

    @Flexx thanks for confirming. I should now be able to post links but won't need to in this instance.

    I did suspect it would be a false positive as with the other detections.

  • BalticSulfuricMollusk
    BalticSulfuricMollusk Defender of the month ✭✭

    Interestingly, Zillya were very quick to remove the false positive, whereas the results on MetaDefender still remain the same as of checking today.

    I do however appreciate that in this scenario it is not of great concern given the installer is from my Central account and there would be many more reports if the installer were compromised.

  • Flexx
    Flexx Defender of the month mod
    edited May 1

    AegisLab did not respond, because their website now integrates with another third-party website, so there is no proper way to contact their support or malware researchers, despite sharing the Bitdefender setup file through their website upload tool.

    Nevertheless, there is no point in banging your head against antimalware vendors that have less than 1% reputation in the market and that hardly anyone knows about. The concern would only have arisen if well-known antimalware vendors had detected the Bitdefender setup file as malicious.

    For the future, please always share the VirusTotal link instead of any other third-party multi-engine scanning link. There are many samples which are detected as malicious by various antimalware vendors' products and by their engines on VirusTotal, yet their engines on MetaDefender show the files as non-malicious, which clearly indicates that MetaDefender uses outdated versions of various antimalware engines whereas VirusTotal is almost up to date. VirusTotal even uses aggressive heuristics from various antimalware vendors' engines which their own products may not detect.

    Regards

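Two things in this thread are done by hand: sharing the installer's hash so others can look it up (Flexx's suggestion above) and reading a VirusTotal report to decide whether a lone detection is a false positive (Flexx's closing advice). The script below is an added example, not code from the forum or from Bitdefender: it hashes a file in chunks, builds a constructed stand-in for a VirusTotal API v3 file report (the `build_report` helper and its sample verdicts are made up to mirror the thread, not real scan output), and summarises which engines flagged the file. The `MAJOR_ENGINES` set and the `likely_false_positive` rule are my own triage assumptions, not anything VirusTotal defines.

```python
# Added example, not code from the forum thread or from Bitdefender. It does two
# things the thread does by hand: (1) compute the SHA-256 of a file so it can be
# shared and looked up on VirusTotal, and (2) triage a VirusTotal API v3 style
# file report by listing which engines flagged the file and whether any engine
# you trust did. build_report() is a constructed stand-in for real VirusTotal
# output; MAJOR_ENGINES and the false-positive rule are assumptions for illustration.
import hashlib
import json
import os
import tempfile

CHUNK = 1024 * 1024


def sha256_of_file(path):
    """Hash a file in chunks so a large installer need not fit in memory.
    The hex digest can be looked up as https://www.virustotal.com/gui/file/<sha256>."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def hash_constructed_sample(content=b"abc"):
    """Write constructed bytes to a temp file and hash it, so the example runs offline."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(content)
        return sha256_of_file(path)
    finally:
        os.unlink(path)


def build_report(verdicts):
    """Constructed stand-in for a VirusTotal v3 file object
    (data.attributes.last_analysis_results keyed by engine name).
    verdicts maps engine name -> detection string, or None for undetected."""
    results = {
        engine: {"category": "malicious" if verdict else "undetected", "result": verdict}
        for engine, verdict in verdicts.items()
    }
    return json.dumps({"data": {"attributes": {"last_analysis_results": results}}})


# Engines whose verdict carries weight in the triage below. Assumed list for
# illustration only; adjust it to your own trust model.
MAJOR_ENGINES = {"BitDefender", "Microsoft", "Kaspersky", "ESET-NOD32", "Sophos"}


def triage_report(report_json, major=MAJOR_ENGINES, fp_threshold=2):
    """Summarise a VT-style report. likely_false_positive is a triage heuristic
    only: at most fp_threshold engines flag the file and none of them is in
    `major`. It is not proof; provenance (a download from your own Central
    account) and the vendor's code signature remain the stronger evidence."""
    results = json.loads(report_json)["data"]["attributes"]["last_analysis_results"]
    flagged = {
        name: r["result"]
        for name, r in results.items()
        if r["category"] in ("malicious", "suspicious")
    }
    major_hits = sorted(name for name in flagged if name in major)
    return {
        "engines_reporting": len(results),
        "flagged": flagged,
        "major_hits": major_hits,
        "likely_false_positive": bool(flagged) and not major_hits and len(flagged) <= fp_threshold,
    }


# Constructed to mirror the thread: one engine flags the installer, the rest are clean.
SAMPLE_REPORT = build_report({
    "Zillya": "Trojan.Generic.Win32.1697845",
    "BitDefender": None,
    "Microsoft": None,
    "Kaspersky": None,
    "ESET-NOD32": None,
})

if __name__ == "__main__":
    print("sha256 of constructed sample:", hash_constructed_sample())
    print(json.dumps(triage_report(SAMPLE_REPORT), indent=2))
```

To use it on a real installer, call `sha256_of_file(r"C:\path\to\bitdefender_ts.exe")` and search the digest on VirusTotal; the same hex string is what you would paste into a forum post. Fetching a live report requires a VirusTotal API key and is deliberately left out so the example runs offline; the triage logic works unchanged on the `data.attributes.last_analysis_results` section of a real v3 response.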