Results 1 to 8 of 8

Thread: ZoneAlarm Browser Security false positive?

  1. #1
    els Guest

    Default ZoneAlarm Browser Security false positive?

    Hi. I was wondering if anyone could advise me on the following, please?

    I'm getting a malware alert from ZoneAlarm Browser Security on attempting to download Photomatix v3.2.7 from www.hdrsoft.com. I was somewhat surprised by this, so I've scanned the problem file at www.virustotal.com, which gives it a clean bill of health.

    Is this is reasonable indication that the malware warning is a false positive? As far as I am aware Photomatix is a widely used application.

    Thanks

    System details:
    ZoneAlarm Security Suite 9.1.008.000
    ZoneAlarm Browser Security 1.5.53.4
    Firefox 3.5.8
    Windows XP sp3

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,463

    Post Re: ZoneAlarm Browser Security false positive?

    Note that:
    You can exclude the files from the 'on-access' scanning under the advanced options of the antivirus/antipsyware section (Virus Management --> Exceptions)
    You can exclude the files from the 'on-demand' scanning under the advanced options of the antivirus/antipsyware section (Scan targets)


    How to report antivirus/antispyware false positives
    NOTE: Only valid for ZA versions 9.1 or above.


    First seek confirmation of the false detection; upload the file(s) to
    www.virustotal.com . If confirmed:
    Go to the advanced options of the antivirus/antipsyware section (Automatic Treatment) and set it to "Alert me - Do no treat automatically". Restore the file from Quarantine and next time the threat is detected, you will be able to exclude it (drop down menu and choose: "ignore always" or "ignore once").

    Send the file(s) in a password protected zip to newvirus at kaspersky dot com. Subject: false positive. Include password in the e-mail.

    Please also report the name of the detection in the e-mail.

    Note that:
    You can exclude the files from the 'on-access' scanning under the advanced options of the antivirus/antipsyware section (Virus Management --> Exceptions)
    You can exclude the files from the 'on-demand' scanning under the advanced options of the antivirus/antipsyware section (Scan targets)


    REMEMBER to remove the exclusions once the false positive has been corrected!

    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: ZoneAlarm Browser Security false positive?

    Quote Originally Posted by els View Post
    I'm getting a malware alert from ZoneAlarm Browser Security on attempting to download Photomatix v3.2.7 from
    Please specify exactly which kind of warning you get. Exact message?
    Do you select the advanced scanning after the download? Or is it the standard signature based scanning pop-up telling you about a xyz virus?

    You need to be more specific

    Thanks,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    els Guest

    Default Re: ZoneAlarm Browser Security false positive?

    GeorgeV, Fax,

    Thanks for your responses. The message displayed is as follows:

    "ZoneAlarm Browser Security security scan has found this file malicious. Click here for details Malicious software can harm your computer or violate your privacy"

    I can't check my precise Browser Security settings right now, but the message appears to be generated by a scan after the file has been downloaded in to the Browser Security sandbox.

    I guess the ZA Browser Security scan uses different algorithms to ZA Anti-virus, as the latter does not find anything wrong with the file in question. If so, is the Browser Security scan also based on Kapersky technology (i.e. would sending the problem file to newvirus at kapersky dot com still be helpful)?

    My e-mail provider doesn't permit sending encrypted zip files as attachments, but I could mail HDRsoft to suggest that they notify Kapersky themselves.
    Last edited by els; March 9th, 2010 at 10:29 AM. Reason: typo corrected

  5. #5
    els Guest

    Default Re: ZoneAlarm Browser Security false positive?

    Quote Originally Posted by fax View Post
    Do you select the advanced scanning after the download? Or is it the standard signature based scanning pop-up telling you about a xyz virus?
    I've now checked my Browser Security settings:
    On the Advanced tab, I have all the Web Protection and Anti-Spyware options selected (though the Anti-Spyware section has a link next to it saying "Not available - click to activate" and some of the options are greyed out).

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: ZoneAlarm Browser Security false positive?

    yes... most likely a false positive. Check with virustotal.com.
    If confirmed then report directly to ZA tecnical support. Links in my signature. Specify its a forcefield advanced scan... not to be mixed up with the antivirus detection.

    Heuristics and behavior analysis can generate false positive. If you trust the source then there should be no problem.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    els Guest

    Default Re: ZoneAlarm Browser Security false positive?

    That's great, thanks for your advice Fax.

    I scanned the file at www.virustotal.com earlier (all clear) and have now chatted with ZA tech support to report the results.

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: ZoneAlarm Browser Security false positive?

    you're welcome

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. False Positive
    By LakotaElf in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 5
    Last Post: September 27th, 2009, 11:23 AM
  2. Possible false positive
    By macoz in forum Windows and ZoneAlarm Messages and Alerts
    Replies: 7
    Last Post: November 9th, 2008, 11:01 AM
  3. Possible False Positive?
    By dbled in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 5
    Last Post: June 16th, 2008, 08:48 PM
  4. ZAP false positive security warnings
    By bohemian_one in forum Windows and ZoneAlarm Messages and Alerts
    Replies: 13
    Last Post: October 20th, 2006, 06:36 AM
  5. Zone Alarm alerts Mozilla Browser "changed program" - could this be a false/positive?
    By libra in forum Windows and ZoneAlarm Messages and Alerts
    Replies: 4
    Last Post: March 31st, 2006, 06:04 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •