HitmanPro blocked F-Secure file

Paulus1979 Posts: 7 Explorer

HitmanPro 3.8.0 just gave me the following warning.

Are you aware of a problem with this file?


Malware _____________________________________________________________________

C:\ProgramData\F-Secure\GUTS2\capricorn-win64\1549003233\aeoffice.dll
Size . . . . . . . : 1.011.680 bytes
Age . . . . . . . : 0.1 days (2019-02-01 08:52:14)
Entropy . . . . . : 7.3
SHA-256 . . . . . : 42DD96085BE703DB739F694F433BF03E9BFF07DDE81CA9659EB39F2A439524C7
Product . . . . . : AVOFFICE
Publisher . . . . : Avira Operations GmbH & Co. KG
Description . . . : Avira Engine Module for Windows
Version . . . . . : 8.4.10.8
LanguageID . . . . : 0
> Kaspersky . . . . : HEUR:Trojan.Win32.Generic
Fuzzy . . . . . . : 98.0

Comments

  • nanonyme
    nanonyme Posts: 145 Path Finder

    Hey, 

    Running two antivirus programs on the same machine is completely unsupported; they may well detect each other's virus databases as viruses, preventing either from protecting you.

  • bjm_
    bjm_ Posts: 11 Observer
    HitmanPro is an on-demand second-opinion scan tool. Not real-time. Not AV.
  • nanonyme
    nanonyme Posts: 145 Path Finder

    Hey, 

    The same also applies to on-demand scanning; it's not limited to real-time scanning. Databases and engines are quite likely to trigger false positive detections, and removing those makes the antivirus software detect fewer things.

  • Ukko
    Ukko Posts: 3,724 Superuser

    Hello,

     

    Sorry for my reply. I am only an F-Secure user (their home solutions).

     

    Just interesting:

    Does your experience still show that the HitmanPro partner engine detects an F-Secure file as 'potentially' malicious? Or was it a one-time experience?

    Based on your log and the item's SHA-256 hash, this file has been corrupted(?). At least, the digital code-signing signature/cert was.

    Perhaps this is possible if the item was in the middle of being written/created (temporary or even an update); was interrupted during update/create/write; or was a broken item (temporary trouble).

    Otherwise, the item is modified or tricked during a certain stage, which is a little bit strange for a home-use situation.

    And it is likely that trouble with signature verification was a reason for the generic detection (HEUR:Trojan.Win32.Generic).

     

    Maybe if your experience is still about such a detection (or if the original item is still available), it is possible to check it manually. What is the state of the file's digital signature?

    My own experience and "aeoffice.dll" are probably about a valid situation (though I checked it with the beta F-Secure SAFE solution). At least, the file is signed normally, and HitmanPro did not detect it after a brief check.

    But as was suggested in other replies, detection of each other's signatures is most likely a probable situation. Although my own steps in this kind of situation with a detection are attempts to contact F-Secure Labs:

    and the company that detects the item.

     

    Thanks!
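
The manual check suggested in the reply above, as an added example that is not part of the original thread: it recomputes the file's SHA-256, compares it with the hash in the HitmanPro log, and reads the Authenticode signature state. The function name `Test-FlaggedFile` is hypothetical; the default path, hash and publisher are the values printed in the log at the top of the thread.

```powershell
# Added example: triage a flagged file by hash and Authenticode signature.
# Default path, hash and publisher are copied from the HitmanPro log in this thread.
function Test-FlaggedFile {
    param(
        [string]$Path = 'C:\ProgramData\F-Secure\GUTS2\capricorn-win64\1549003233\aeoffice.dll',
        [string]$ReportedSha256 = '42DD96085BE703DB739F694F433BF03E9BFF07DDE81CA9659EB39F2A439524C7',
        [string]$ExpectedPublisher = 'Avira Operations GmbH & Co. KG'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Update directories are replaced over time, so the file may be gone.
        Write-Warning "File not found: $Path"
        return
    }

    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    [pscustomobject]@{
        Path             = $Path
        Sha256           = $hash
        # -eq compares strings case-insensitively, so hex case does not matter.
        SameAsReported   = ($hash -eq $ReportedSha256)
        # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        SignatureStatus  = $sig.Status
        StatusMessage    = $sig.StatusMessage
        SignerSubject    = if ($cert) { $cert.Subject } else { $null }
        SignerThumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        PublisherMatches = [bool]($cert -and $cert.Subject -like "*$ExpectedPublisher*")
    }
}

Test-FlaggedFile | Format-List
```

A `SignatureStatus` of `HashMismatch` means the file content no longer matches what was signed, while `Valid` with the expected publisher is the kind of evidence worth attaching to a false-positive report to either vendor.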

This discussion has been closed.