HitmanPro blocked F-secure file

Scholar

HitmanPro 3.8.0 just gave me the following warning.

Are you aware of a problem with this file?

 

 

Malware _____________________________________________________________________

C:\ProgramData\F-Secure\GUTS2\capricorn-win64\1549003233\aeoffice.dll
Size . . . . . . . : 1.011.680 bytes
Age . . . . . . . : 0.1 days (2019-02-01 08:52:14)
Entropy . . . . . : 7.3
SHA-256 . . . . . : 42DD96085BE703DB739F694F433BF03E9BFF07DDE81CA9659EB39F2A439524C7
Product . . . . . : AVOFFICE
Publisher . . . . : Avira Operations GmbH & Co. KG
Description . . . : Avira Engine Module for Windows
Version . . . . . : 8.4.10.8
LanguageID . . . . : 0
> Kaspersky . . . . : HEUR:Trojan.Win32.Generic
Fuzzy . . . . . . : 98.0

4 REPLIES
Senior Member

Re: HitmanPro blocked F-secure file

Hey, 

Running two antivirus programs on the same machine is completely unsupported; they may well detect each other's virus databases as viruses, preventing either from protecting you.

Aspirant

Re: HitmanPro blocked F-secure file

HitmanPro is an on-demand second-opinion scan tool. Not real-time. Not AV.
Senior Member

Re: HitmanPro blocked F-secure file

Hey, 

The same also applies to on-demand scanning; it's not limited to real-time scanning. Databases and engines are quite likely to trigger false-positive detections, and removing those makes the antivirus software detect fewer things.

Superuser

Re: HitmanPro blocked F-secure file

Hello,

 

Sorry for my reply. I am only an F-Secure user (their home solutions).

 

Just interesting:

Does your experience still show that the HitmanPro partner engine detects an F-Secure file as 'potentially' malicious? Or was it a one-time experience?

 

Based on your log and the item's SHA-256 hash, this file has been corrupted(?). At least, the digital code-signing signature/cert were.

Perhaps this is possible if the item was being written/created (temporary or even an update); interrupted during update/create/write; or a broken item (temporary trouble).

Otherwise, the item is modified or tricked at a certain stage, which is a little bit strange for a home-use situation.

And it is likely that trouble with signature verification was a reason for the generic detection (HEUR:Trojan.Win32.Generic).

 

Maybe, if you still experience such a detection (or if the original item is still available), it is possible to check it manually. What is the state of the file's digital signature?

 

My own experience with "aeoffice.dll" is probably about a valid situation (though I checked it with the beta F-Secure SAFE solution). At least, the file is signed normally, and HitmanPro did not detect it after a brief check.

But as was suggested in other replies, detection of each other's signatures is most likely a probable situation. Although my own steps in this kind of situation with a detection are attempts to contact F-Secure Labs:

and the company that detects the item.

 

Thanks!
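The manual check suggested in the last reply can be done from PowerShell. This is an added example, not part of any post in the thread; the path, SHA-256 and publisher are copied from the HitmanPro log above, and `Test-FlaggedFile` is a hypothetical helper name.

```powershell
# Values copied from the HitmanPro log in the first post.
$LoggedPath      = 'C:\ProgramData\F-Secure\GUTS2\capricorn-win64\1549003233\aeoffice.dll'
$LoggedSha256    = '42DD96085BE703DB739F694F433BF03E9BFF07DDE81CA9659EB39F2A439524C7'
$LoggedPublisher = 'Avira Operations GmbH & Co. KG'

function Test-FlaggedFile {   # hypothetical helper, not a vendor tool
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )

    # The file may have been quarantined or replaced since the log was written.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate
    $subject = if ($cert) { $cert.Subject } else { $null }

    [pscustomobject]@{
        Path             = $Path
        Present          = $true
        Sha256           = $hash
        # False means the file on disk is no longer the one that was flagged.
        SameFileAsLogged = ($hash -eq $ExpectedSha256)
        # Valid        : signature intact and chain trusted
        # HashMismatch : content changed after signing (truncated or modified)
        # NotSigned    : no embedded Authenticode signature
        # NotTrusted / UnknownError : chain or verification problem
        SignatureStatus  = $sig.Status
        StatusMessage    = $sig.StatusMessage
        SignerSubject    = $subject
        PublisherMatches = [bool]($subject -and $subject -like "*$ExpectedPublisher*")
        Timestamped      = [bool]$sig.TimeStamperCertificate
    }
}

Test-FlaggedFile -Path $LoggedPath -ExpectedSha256 $LoggedSha256 `
                 -ExpectedPublisher $LoggedPublisher | Format-List
```

A `SignatureStatus` of `HashMismatch` or `NotSigned` on the logged file fits the interrupted-write or modified-file explanation in the reply above, while `Valid` with a matching publisher points toward a false positive to report to both vendors.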