False positive in CDex 1.92?

tlchost
Joined: 2006-08-14 08:49
False positive in CDex 1.92?

Both AVG and AVAST report that CDex 1.92 is infected with Win32:Malware-gen.

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
False positive due to CDex installer bundleware (that we bypass)

Whenever you encounter a detection, use VirusTotal or MetaDefender to check a bunch of antivirus engines. Here's the scan across all engines for our online installer: https://www.virustotal.com/#/file/27ccb2344fa5390002acf6ae08603fc6534cd6...

The scan for CDex on the other hand will show that it contains FusionCore/InstallCore, a type of bundleware in its installer: https://www.virustotal.com/#/file/13461a26259bc976f8a40c082fa8efc44e23b9...

A couple of the antivirus engines are dumb/wrong and just show a generic 'malware' detection. The rest correctly identify it as installer bundleware. What's important to realize is that our online installer bypasses the usual CDex installer and extracts just the files themselves. The CDex installer is never run.

If you scan all the files that make up CDex Portable after it's installed, you'll note that it's clean other than a generic false positive in Cylance: https://www.virustotal.com/#/file/1daf89e7106790de69f747905824df8b6ca07e...

You can choose to use CDex or not based on this. We can't legally distribute the files of CDex in our own package as CDex is no longer open source. Anyone repackaging it is doing so illegally and probably adding actual malware to it.

As a side note, AVG is having a ton of issues with false positives in the last day or so.

Sometimes, the impossible can become possible, if you're awesome!
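The triage described in the reply above (separating engines that name the installer bundleware from engines that only report a generic "malware" label), as an added example that is not part of the original posts and is not PortableApps.com code. It assumes input in the shape of the `last_analysis_results` field of a VirusTotal API v3 file report; the engine names, labels and the `NOISE` token list are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample shaped like VirusTotal API v3
# data.attributes.last_analysis_results; engines and labels are invented.
SAMPLE = {
    "EngineA": {"category": "malicious", "result": "Win32:Malware-gen"},
    "EngineB": {"category": "malicious", "result": "PUA.InstallCore.Gen"},
    "EngineC": {"category": "malicious", "result": "Adware/FusionCore.B"},
    "EngineD": {"category": "malicious", "result": "Application.Bundler.InstallCore.12"},
    "EngineE": {"category": "undetected", "result": None},
    "EngineF": {"category": "malicious", "result": "Unsafe"},
    "EngineG": {"category": "type-unsupported", "result": None},
}

FAMILIES = ("installcore", "fusioncore")  # bundleware named in the reply
# Assumed list: tokens that flag a file without naming a family.
NOISE = {"win32", "win64", "w32", "malware", "gen", "generic", "unsafe",
         "suspicious", "heur", "heuristic", "malicious"}
DETECTED = {"malicious", "suspicious"}
NOT_SCANNED = {"type-unsupported", "timeout", "confirmed-timeout", "failure"}

def classify(label):
    """Return 'bundleware', 'generic' or 'named' for one engine label."""
    low = (label or "").lower()
    if any(family in low for family in FAMILIES):
        return "bundleware"
    tokens = [t for t in re.split(r"[^a-z0-9]+", low) if t]
    return "generic" if all(t in NOISE for t in tokens) else "named"

def triage(results):
    """Summarise a multi-engine scan; engines that did not scan are skipped."""
    counts, scanned = Counter(), 0
    for verdict in results.values():
        if verdict["category"] in NOT_SCANNED:
            continue
        scanned += 1
        if verdict["category"] in DETECTED:
            counts[classify(verdict.get("result"))] += 1
    if counts["named"]:
        summary = "named-threat"    # a specific non-bundleware family
    elif counts["bundleware"]:
        summary = "bundleware"      # engines agree on installer bundleware
    elif counts["generic"]:
        summary = "generic-only"    # nothing but family-less labels
    else:
        summary = "clean"
    return {"scanned": scanned, "summary": summary,
            **{k: counts[k] for k in ("bundleware", "generic", "named")}}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `generic-only` result is a prompt to rescan and compare engines, not proof of a false positive.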
