Thread 'why does my anti-virus program think "hadam3p_afr_7.22_windows_intelx86.exe" is malware?'

Niall

Joined: 18 Dec 13
Posts: 62
Credit: 1,078,935
RAC: 0
Message 51332 - Posted: 27 Jan 2015, 10:17:20 UTC
Last modified: 27 Jan 2015, 10:28:52 UTC

Avast informs me that this false positive will be corrected in the next update. The Gods in the machine have otherwise, to date, been sending me non-afr work units.

In the interim, I have overcome the problem by:
* Excluding BOINC from scans
* Excluding the CPDN download servers from scans

I also temporarily suspended the anti-virus functions and retried the download. The file is now sitting on my computer. Whether it's allowed to run remains to be seen.

EDIT: I suspended everything else and tried starting the afr work unit. Avast decided to block it. Sadly, this was the third iteration of this work unit (hadam3p_afr_raey_2013_1_009440447), so it now won't be done. Miffed.

I have updated my preferences to avoid downloading any more until Avast gets this fixed.
Jonathan Miller

Joined: 27 Jul 12
Posts: 21
Credit: 269,602
RAC: 0
Message 51338 - Posted: 29 Jan 2015, 11:55:49 UTC - in response to Message 51332.  
Last modified: 29 Jan 2015, 12:10:13 UTC

I can confirm that we have checked this file, and our procedures to ensure that it is virus free.
The file is reported by heuristic scanners as 'virus-like' which is inevitable because of the nature of BOINC.

I have spent quite some time contacting various antivirus vendors alerting them to this particular false positive.

Avast
Symantec
Norman
Cyren
DrWeb
TrendMicro

and the meta site:

https://www.virustotal.com/en-gb/file/07b01fccd043d22519a8cae4cc82c2dd38935463ab5776a63759ced3dbd45cf9/analysis/

I am not sure what else we can do.

Jonathan Miller

CPDN Sys-Admin
Jonathan Miller

Joined: 27 Jul 12
Posts: 21
Credit: 269,602
RAC: 0
Message 51352 - Posted: 2 Feb 2015, 13:50:29 UTC - in response to Message 51338.  

Cyren have confirmed that this is indeed a false positive; the file is not malicious.

Jonathan Miller
CPDN Sys-Admin
Matthias Lehmkuhl

Joined: 24 Sep 05
Posts: 7
Credit: 3,548,348
RAC: 2,879
Message 51403 - Posted: 13 Feb 2015, 9:05:54 UTC

Hi,
I found for TrendMicro, that the web-reputation service is causing the problem.
The web-reputation service doesn't allow a download from the download share you are using for the BOINC program files like "hadam3p_afr_7.22_windows_intelx86.exe".
The project program files are created, but only contain the info text from web-reputation service.

Will try to post the web-reputation message from file tonight.

Matthias
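The symptom described in the post above (the .exe is created but holds only the web-reputation notice) can be checked mechanically. The following is an added example, not part of any post in this thread and not CPDN or BOINC code: it distinguishes a real PE file from text saved under an .exe name and optionally compares the SHA-256 with a known value. All function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct
from typing import Optional


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header that points at a 'PE' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def looks_like_text(data: bytes) -> bool:
    """True if the first 512 bytes are almost entirely printable ASCII with no NULs."""
    head = data[:512]
    if not head or b"\x00" in head:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in head)
    return printable / len(head) > 0.95


def classify_download(data: bytes, expected_sha256: Optional[str] = None) -> dict:
    """Report what a file that should be a Windows executable actually contains."""
    digest = hashlib.sha256(data).hexdigest()
    if is_pe(data):
        kind = "pe"
    elif looks_like_text(data):
        kind = "text"      # e.g. a notice written in place of the blocked binary
    else:
        kind = "unknown"   # empty, truncated or some other binary format
    hash_ok = None if expected_sha256 is None else digest == expected_sha256.strip().lower()
    return {"kind": kind, "size": len(data), "sha256": digest, "hash_ok": hash_ok}


# Constructed samples (not taken from the thread): a minimal PE-shaped stub and a
# stand-in for a notice saved under the .exe name.
SAMPLE_PE = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)
             + b"\x00" * 0x40 + b"PE\x00\x00" + b"\x00" * 20)
SAMPLE_NOTICE = b"<html><body>Constructed placeholder: download blocked</body></html>"

if __name__ == "__main__":
    for name, blob in (("stub.exe", SAMPLE_PE), ("blocked.exe", SAMPLE_NOTICE)):
        print(name, classify_download(blob))
```

A result of `kind == "text"` for a project executable means the download was replaced in transit rather than corrupted. The `expected_sha256` argument could be the hash in the VirusTotal link earlier in the thread, on the assumption that the report is for the same file.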
Conan
Joined: 6 Jul 06
Posts: 147
Credit: 3,615,496
RAC: 420
Message 51409 - Posted: 13 Feb 2015, 22:29:54 UTC - in response to Message 51403.  

> Hi,
> I found for TrendMicro, that the web-reputation service is causing the problem.
> The web-reputation service doesn't allow a download from the download share you are using for the BOINC program files like "hadam3p_afr_7.22_windows_intelx86.exe".
> The project program files are created, but only contain the info text from web-reputation service.
>
> Will try to post the web-reputation message from file tonight.


I was having TrendMicro block a number of Climate models. I was able to check under threats what was blocked and then allowed for this to be excluded from now on, also sent off information to TrendMicro that these are false positives.

All now working OK.

Conan
Veridian 4

Joined: 9 Mar 05
Posts: 4
Credit: 1,003,994
RAC: 204
Message 56046 - Posted: 12 Apr 2017, 8:40:53 UTC

I discovered this is not just happening to the hadam3p- files, but also to the wah2- files.

Norton removed the file "wah2_8.24_windows_intelx86.exe", telling me that it carried a heuristic virus.
Les Bayliss
Volunteer moderator

Joined: 5 Sep 04
Posts: 7629
Credit: 24,240,330
RAC: 0
Message 56047 - Posted: 12 Apr 2017, 9:19:32 UTC - in response to Message 56046.  

It's the Norton program that's the problem.
See if you can find where/how to exclude all of the BOINC data section, which includes the cpdn files.