F-Secure detects git\bin\pdfinfo.exe as Trojan.Generic.11954596

F-Secure detects git/bin/pdfinfo.exe as Trojan.Generic.11954596 when installing latest git-scm 1.9.4 on Windows 8.1 64bit.

 

Not only is this a false detection, but with upgrading to the latest F-Secure version it has configured itself to automatically disinfect files.

 

Furthermore, F-Secure replaced my etc/hosts file with a blank version while disinfecting the file. Only due to the fact that I am backing up my hosts file on each change have I not lost this very essential configuration. It would have taken hours to restore, as I would have needed to find out all of the IP addresses of my customers' remote servers again.

 

Sorry guys but this s***!

 

Your software silently evolved to a product which I can hardly recommend to anyone anymore...

 


 

 

Answers

  • Simon Posts: 2,582

    I'm not F-Secure staff, but sorry to hear you've had problems.

     

    Can I suggest you Submit a Sample of the affected file, so that it can be analysed and whitelisted?

  • cdd Posts: 4
    Hi Simon,

    thanks for your response and the suggestion. I have just submitted the original Installer file, which I downloaded last night, to SAS now.

    I'll update this topic once the analysis is complete.

    Regards,
    Carsten
  • Rusli Posts: 991

    Hi

     

    First you have to submit the infected file to F-Secure SAS.

     

    https://analysis.f-secure.com/portal/login.html

     

    Then after doing that try ...VirusTotal to confirm...

     

    https://www.virustotal.com/

  • Hi Carsten,

     

    May we know if the issue was resolved after submitting the file to the SAS portal?

     

    Regards,

  • cdd Posts: 4

    Hi Federico,

     

    thanks for your response.

     

    I have submitted the Installer to SAS, though nothing was reported there either.

     

    And as I installed git-scm with F-Secure disabled after reporting about it here, and the installed pdfinfo.exe file is not detected as a trojan when scanning it afterwards, I have no open issue.

     

    Nevertheless I still wonder what might have caused the false detection and why F-Secure destroyed the hosts file.

     

    So I hope this does not happen again to me or others.

     

    Regards,

    Carsten

  • Simon Posts: 2,582
    Hi Carsten,

    If you want to know more, perhaps you could submit a support ticket, attaching an FSDIAG, so that the guys can have a look at what went on?
This discussion has been closed.