PortableApps setup - too many "false" AV positives

Frozen Mirage Ocean

Hey there,

the PortableApps setup is getting false positives everywhere! Here https://portableapps.com/support or here https://portableapps.com/support/antivirus you recommend using the online services VirusTotal, MetaDefender or Jotti. All of them detect threats, including the also recommended ClamAV. Same goes for using exactly that as a portable app - at least that ClamAV setup didn't get a single alert when being scanned.
And this doesn't s

I don't want to keep going into advances with so much trust when even the recommendations don't work anymore. Even with the best of intentions, the systems on which the apps are developed could also be compromised. I would find it extremely sad if these issues continue or even get worse and I had to stop using PortableApps for these reasons.

Regards

John T. Haller
False Positives

Most apps outside of very large ones (think base Google Chrome and Mozilla Firefox) will have a few false positives, especially in poor antivirus engines like Antiy, Jiangmin, etc. ClamWin has relatively frequent false positives on Windows as well. It has one in the current PortableApps.com Platform.

Here's the current VirusTotal scan for the PortableApps.com Platform, for instance: https://www.virustotal.com/gui/file/9c2b4d5fc9be067c2730d6d5a472ce8fcef0...

You'll see a typical false positive in Jiangmin of 'adware' (nothing we've ever written has adware) for one. A common false positive in Antiy of a 'generic trojan' and in Malwarebytes of 'malware heuristic' which are both heuristic detections... attempts to guess if something contains an unknown malware item based on a heuristic model, which is often wrong. And the fourth is a generic error in ClamAV based on an installer using compression (LZMA via NSIS in our case). These are all pretty standard false positives.

For reference, an infected file will look similar to this: https://i.imgur.com/htKPS2V.png

In an infected file, all the major engines will show a file as infected.


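Added example (not code from PortableApps.com or from either poster): a small triage script that applies the rule in the reply above to a VirusTotal-style report. It counts how many of the "major" engines flag the file and whether every hit is a generic/heuristic or packer-based detection (the ClamAV NSIS/LZMA case), and returns "likely false positive", "likely infected", "manual review" or "clean". The only thing taken from a real interface is the shape of the VirusTotal v3 `last_analysis_results` mapping (engine name to `{"category", "result"}`); the engine lists, the marker substrings and both sample reports are assumptions or constructed data, and the signature names are placeholders rather than real detections.

```python
"""Triage a VirusTotal-style scan result: handful of heuristic hits or real infection?

Added example. Engine lists, marker substrings and sample data are assumptions
for illustration; only the last_analysis_results shape mirrors the VT v3 API.
"""
import json

# Engines whose verdicts a reviewer would weigh heavily. Assumed list; it is not
# anything VirusTotal or PortableApps.com publishes.
MAJOR_ENGINES = {
    "Microsoft", "Kaspersky", "BitDefender", "ESET-NOD32",
    "Sophos", "Avast", "McAfee", "TrendMicro",
}

# Substrings that mark a detection as heuristic/generic or packer-triggered
# rather than a named family. Assumed; real engines vary in naming.
HEURISTIC_MARKERS = ("generic", "heur", "suspicious", "packed", "unsafe", "nsis", "lzma")


def is_heuristic(result):
    """True if the detection name looks like a heuristic/generic verdict."""
    name = (result or "").lower()
    return any(marker in name for marker in HEURISTIC_MARKERS)


def triage(results):
    """Summarise an engine -> {"category": ..., "result": ...} mapping.

    Verdicts:
      "clean"                 - nothing flagged it
      "likely infected"       - a majority of the major engines present flag it
      "likely false positive" - no major engine flags it and every hit is heuristic
      "manual review"         - anything in between
    """
    flagged = {
        engine: (info.get("result") or "")
        for engine, info in results.items()
        if info.get("category") in ("malicious", "suspicious")
    }
    majors_present = [e for e in results if e in MAJOR_ENGINES]
    majors_flagged = [e for e in flagged if e in MAJOR_ENGINES]
    all_heuristic = all(is_heuristic(r) for r in flagged.values())

    if not flagged:
        verdict = "clean"
    elif majors_present and len(majors_flagged) * 2 > len(majors_present):
        verdict = "likely infected"
    elif not majors_flagged and all_heuristic:
        verdict = "likely false positive"
    else:
        verdict = "manual review"

    return {
        "engines": len(results),
        "flagged": len(flagged),
        "major_flagged": len(majors_flagged),
        "all_heuristic": all_heuristic,
        "verdict": verdict,
        "hits": flagged,
    }


def triage_v3_json(text):
    """Triage the raw JSON of a VirusTotal v3 file-object response."""
    doc = json.loads(text)
    return triage(doc["data"]["attributes"]["last_analysis_results"])


def with_hit(results, engine, result):
    """Return a copy of `results` with one extra malicious verdict (for what-if checks)."""
    copy = dict(results)
    copy[engine] = {"category": "malicious", "result": result}
    return copy


def _clean(engines):
    return {e: {"category": "undetected", "result": None} for e in engines}


# Constructed report resembling the reply's description: four hits, none from a
# major engine, all heuristic/generic or packer-based. Names are placeholders.
PLATFORM_LIKE = _clean(MAJOR_ENGINES | {"ClamAV", "Jiangmin", "Antiy-AVL", "Malwarebytes", "Fortinet"})
PLATFORM_LIKE.update({
    "Jiangmin":     {"category": "malicious", "result": "AdWare.Generic.placeholder"},
    "Antiy-AVL":    {"category": "malicious", "result": "Trojan/Generic.placeholder"},
    "Malwarebytes": {"category": "malicious", "result": "Malware.Heuristic.placeholder"},
    "ClamAV":       {"category": "malicious", "result": "NSIS.LZMA.packed.placeholder"},
})
PLATFORM_LIKE_V3_JSON = json.dumps({"data": {"attributes": {"last_analysis_results": PLATFORM_LIKE}}})

# Constructed report of a genuinely infected file: most major engines agree on a family name.
INFECTED_LIKE = _clean(set(PLATFORM_LIKE))
for _engine in ("Microsoft", "Kaspersky", "BitDefender", "ESET-NOD32", "Sophos", "Avast", "Fortinet"):
    INFECTED_LIKE[_engine] = {"category": "malicious", "result": "Trojan.ExampleFamily.placeholder"}

if __name__ == "__main__":
    for label, report in (("platform-like", PLATFORM_LIKE), ("infected-like", INFECTED_LIKE)):
        summary = triage(report)
        print(f"{label}: {summary['flagged']}/{summary['engines']} flagged, "
              f"{summary['major_flagged']} major -> {summary['verdict']}")
```

The majority rule on major engines is the script's reading of "all the major engines will show a file as infected"; one major-engine hit on its own lands in "manual review" rather than being dismissed. A "likely false positive" verdict is triage, not clearance: if the download's hash differs from the one the publisher lists, the scan tells you nothing about what you actually have.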