Infections detected when creating bottle w/ CrossOver Mac, False Positive?

adamlogan
adamlogan Posts: 5 New Member

I installed CrossOver for the Mac out of frustration with Parallels hosing a lot of my virtual machines lately. Went to create my first couple of bottles, a Windows 10 64bit bottle, and then a Windows 32 bit bottle. Both bottles got nabbed by F-Secure, the list of infections were put in the Trash bin. I really would rather have a way to cancel quarantine, and put files back in F-Secure rather than having to rout around in the trash bin which may be mixed in with a lot of other stuff. Would appreciate if someone could confirm if this is a true infection or if this is a false positive. Wasn't sure if I should report here or elsewhere, but since I'm dealing with the beta and not a standard product, I'm reporting here first. Attached is a stitched together image of the culprit files. It'd be nice have an easy way to just export the content to a text file or copy the content right to the clipboard for easy sharing/reporting. I had to turn off F-Secure real-time scanning just to be able to zip the suspect files to attach it here.

Version info of respective OS/Apps also attached.


Answers

  • pajp
    pajp Posts: 110 F-Secure Employee

    Hi,

    I confirmed your findings by downloading a copy of CrossOver myself and submitted the detected files to our analysts for investigation. You can also do this yourself https://www.f-secure.com/en/business/support-and-downloads/submit-a-sample even if you're using a beta product.

    I agree that it can be cumbersome to share infection reports and retrieve samples from trash in case of false positives. We'll try to improve that in the future.

    Thanks for taking the time to report this issue! I'll update this thread once our analysts have looked at the samples.


    - Rasmus, F-Secure R&D, Mac team

    Rasmus Sten

    F-Secure Technology, Mac Team

  • pajp
    pajp Posts: 110 F-Secure Employee

    Hi,

    our analysts have now analyzed the files and they should no longer be detected as malware. Thanks again for reporting this to us.

    - Rasmus, F-Secure R&D, Mac team

    Rasmus Sten

    F-Secure Technology, Mac Team

This discussion has been closed.
Feedback on New Design