Behavioral False Positive

When I start my PC, BitDefender alerts (this file tries to modify the registry). And it alerts for potentially harmful applications.


It is this file


Password: infected


ctfmon.zip

Comments

  • rootkit
    rootkit ✭✭✭

    Very clean!


    http://www.virustotal.com/analisis/53d47fe...f595877386db818


    Just allow the program to modify the registry. This is a Windows program.

  • It is a system file on every computer. However, I have never seen it try to modify, or even access, the registry.

  • The file is indeed clean. I will forward it to the guys working on the behavioral engine. In the meantime, you should be able to allow the file to run without consequences.

  • Di0g0
    edited October 2008

    My BitDefender Behavioral detects Windows Live Messenger and Virtual DJ!!




    Link to Windows Live Messenger: http://www.microsoft.com/downloads/details...;DisplayLang=en



  • Di0g0
    edited October 2008

    I DOWNLOADED MY MSN FROM THE SITE: http://www.microsoft.com


    MICROSOFT HAS A VIRUS????


    ...... WAIT FOR A ESPET!


    VIRUS TOTAL RESULT:


    http://www.virustotal.com/pt/analisis/230c...5c317c4ab02a64f


    VERY CLEAN


    WINDOWS OPERATING SYSTEM??? BITDEFENDER CRAZY? (SISTEMA OPERATIVO MICROSOFT WINDOWS - PORTUGUESE) WINDOWS OPERATING SYSTEM - ENGLISH!


    VERY MANY BUGS!

  • Di0g0
    edited October 2008

    These are the BEHAVIORAL FALSE POSITIVE FILES!!!


    PASSWORD: infected


    PLEASE FIX THIS FALSE POSITIVE!


    OTHER FALSE POSITIVEEEE PLEASEEE FIXX ALLLLL!!!!


    The file is big; I can't upload it to the forum.


    Go to this link and download: http://www.xpcodecpack.com/download


    Bitdefender Behavioral is a big .........

    drwtsn32.zip

    msmsgs.zip

  • csalgau
    csalgau ✭✭
    edited October 2008

    Dear sir.


    Behavioral detections are just that - behavioral. We cannot create a database with every clean file in the world and exclude those from monitoring. As long as a file acts like malware could act, you may be prompted about that. If you are confident that the file is clean, you may Allow it to proceed with what it was doing. We are not slapping a malware tag on everything that's moving.


    If you find this disturbing, you may disable behavioral analysis.

  • The Behavioral Scanner is something that the users have requested on this forum for a long time (some kind of high heuristics). I admit that Behavioral Scanner and Intrusion Detection System (from the Firewall settings) are somehow paranoid, but for advanced users they are fine.


    Actually, these systems are kind of a HIPS (Host Intrusion Prevention System - something that was also requested for a long time). A HIPS doesn't really care whether or not an application is clean or legit, but it alerts the user whenever a process tries to do something, anything that affects other processes (like killing/starting processes, code injection, system shutdown, etc...). In fact, BD's systems (Behavioral and IDS) are very limited. Just try a real HIPS application (like System Safety Monitor), and you'll see alerts over alerts, related to about all processes (including winlogon.exe, svchost.exe, and other system-critical processes).


    As Catalin said, if you cannot handle these alerts, please disable the Behavioral Scanner and the Intrusion Detection System modules.


    And about the Windows Operating System (Post#8), BitDefender just looks at the application's properties and displays the Product Name. For many Windows components, that name is Microsoft Windows Operating System, and whose fault is that? You guessed it: Microsoft's, not BitDefender's. And here's an example, for drwtsn32.exe:


    post-60-1223797981_thumb.jpg


    Cris.

  • Di0g0
    edited October 2008

    OK, but I have a big problem: I installed Prevx (antivirus) and can't remove it!! The installation had an error, and every time I start my computer it shows an error on the screen (PREVX). I can't delete the folder!! And Prevx doesn't have an uninstaller!!


    Help


    CAN'T KILL THE PROCESS

  • matabufalez
    edited October 2008

    You should review this:


    http://info.prevx.com/removaltool.asp


    If you can shut down PrevX, run the tool in Windows Safe Mode.


    If this solution does not work:


    You can try going to Start->Run->type %SystemRoot%\System32\restore\rstrui.exe


    Choose Restore System and select a date before installing PrevX.


    Goodbye

  • IT WORKS!!! THANK YOU MATABUFALEZ!! I'M SPANISH! XD

  • matabufalez
    edited October 2008

    You're welcome, Diogo, Portuguese!


    I live in Vigo :lol:


    Greetings!


    MODERATOR EDIT: NEXT TIME IN ENGLISH, PLEASE !