False Positive For iSkysoft Video Converter Ultimate

Just to advise the community and ask a question.

 

I recently upgraded to the newest version when prompted for this software but F Secure flagged it as a suspect trojan.   

 

falsepositive.png

 

This included the same dll in an old directory of the same product so I knew this is false.    I tried to submit a sample but that part of the F Secure site is down for maintenance.

 

My question ... I've rarely had a problem with F Secure Safe doing this so my experience is limited but I added product directory to exclude list (after a couple of attempts) and realizing it was multiple installs hanging around (thank you F Secure for making me realize this).   What surprised me was that even though I restored the quarantined file it did not undo the restart removal.   When I restarted it still removed the file and I had to reinstall the product again.     Is this normal?   Should it not nullify the restart removal? 

I can't submit a support request as a home products like F Secure Safe don't appear to be listed.   Has that always been the case?    

Comments

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    I am also only an F-Secure user (their home solutions).

     

     I tried to submit a sample but that part of the F Secure site is down for maintenance.

    Sounds that their "F-Secure SAS" is indeed under maintenance (quite rare situation for notice).

    Maybe there is something like on-going redesign (for except real maintenance, of course).

     

    What surprised me was that even though I restored the quarantined file it did not undo the restart removal.   When I restarted it still removed the file and I had to reinstall the product again. Is this normal? Should it not nullify the restart removal? 

    I think it should not undo the restart removal. Perhaps, it is uncompleted removal and only after the restart - removal is done (quarantine?! in fact). So, even if file is restored - at restart - removal action is anyway proceed. Maybe, it is unexpected (actually). But more sounds as a technical limitation.

     

    Then (after the restart), you can to 'restore' item and to exclude it (or folders). As a result, real-time scanning should not detect it (but "manual" scan, probably, still will detect it).

     

    Or did you mean - that file removal is reoccurred each restart even with excluded / allowed items and directories?

     

    I can't submit a support request as a home products like F Secure Safe don't appear to be listed.   Has that always been the case?    

    You could contact them via phone call or via 'web' chat:

    Then, discussion / support case can be switched to email channel.

     

    // Actually, exclusion list is a workaround only. In addition, what if it is not a false positive.

     

    Sorry for my reply and for my English!

    Thanks!

     

     

  • WarningU2
    WarningU2 Posts: 10 Observer

    Hi Ukko 

     

    RE:  Or did you mean - that file removal is reoccurred each restart even with excluded / allowed items and directories?

    Yes even though I had excluded the directory and restored the file in question ... it was still removed at the restart.   Once the file is quarantined it is removed regardless of restore.  

     

    I personally think that is a problem but fortunately it is easy to fix by reinstalling the product.  

     

    Thanks for your insight.  

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    by the way, F-Secure SAS page is available on current day:

    you can to check "I want to give more details about this sample and to be notified of the analysis results" and to provide a bit more information for further feedback from F-Secure Labs. Of course, if you did not so already.

    I think it is anyway good to transfer file (if detection is still occurred) - since things like "exclusions" are only a temporary workaround.

     

    Yes even though I had excluded the directory and restored the file in question ... it was still removed at the restart.   Once the file is quarantined it is removed regardless of restore.  

    Strange indeed (perhaps, file should not be removed if item is restored after the first restart since quarantining event). But if reinstallating was not a trouble - that is good!

This discussion has been closed.
Pricing & Product Info