Posted by Remote Management Staff
Remote Management Staff

ITbrain Anti-Malware detects legitimate applications or files.

What can I do, if ITbrain Anti-Malware detects leg...

We’re constantly working on reducing false-positive reports to a minimum. However, some applications or files are reported as malware due to bad programming practices (e.g. applications that change the Master Boot Record, add registry entries, change system files without the user’s confirmation, or execute custom macros in office applications).

To identify and white-list such applications or files, we ask you to send us the detected file(s) as described below:

Note: These files will be used for malware analysis only and will be treated accordingly.

  1. Open the Policies tab under ITbrain -> Anti-malware board -> Manage Policies tab within the TeamViewer Management Console.
  2. Click on the policy that is assigned to the computer which sent the false-positive report and deactivate Real-time protection.
  3. Locate the file(s) on your drive.
    • Open the View Report tab under Anti-malware board 
    • Click on the Threat name from the list.
    • Copy the path of the detected file(s).
    • Click the Restore from quarantine button.
  4. Add the detected file(s) to a zip file using a file compression software of your choice.
    • Password protect the zip file with the password "infected".
  5. Attach the zip file to an email and send it to: support@itbrain.com.
    • Make sure to write “FALSE POSITIVE” in the message body.
  6. Reactivate the Anti-Malware's real-time protection.

After the analysis, we will inform you if the file was declared clean and white-listed, or if it was used in a malicious manner.

Product Owner, Remote Management services.
5 Replies
Posted by AlanMurray
Henagon

Re: ITbrain Anti-Malware detects legitimate applications or files.

Thanks for the information in this article. Please could you let me know if, following the procedure you have mentioned, the legitimate application will continue to run, or do we have to wait until TeamViewer / ITbrain has sanctioned this as a safe file?

Thanks again

Posted by Remote Management Staff
Remote Management Staff

Re: ITbrain Anti-Malware detects legitimate applications or files.

Hi AlanMurray, 

Normally the "false positive" application will continue to be detected until we analyze the application in our malware labs and declare it either whitelisted or a proper detection.

All of the communication happens through our support channels regarding these situations, and the user who reports will have an answer within 48 hours of submitting the sample.

After the file is declared safe, a few malware definition updates will correct this situation. ITbrain Anti-Malware has an automatic malware definitions update running every hour.

Product Owner, Remote Management services.
Posted by AlanMurray
Henagon

Re: ITbrain Anti-Malware detects legitimate applications or files.

Ok

So the "False positive" is still detected.. can we continue to use the app until it's deemed safe?

Thanks

Alan

Posted by Remote Management Staff
Remote Management Staff

Re: ITbrain Anti-Malware detects legitimate applications or files.

Hi AlanMurray, 

If you indeed have a false positive detection please contact us at: support@itbrain.com to get it analyzed. 

You can use the application which was detected if the engines flag it as infected; an alert will be triggered every time it is scanned, though.

In case the Anti-malware engines delete or quarantine it, I am not sure you can still use the application.

Product Owner, Remote Management services.
Posted by kmrbalaram
Digon

Re: ITbrain Anti-Malware detects legitimate applications or files.


@Stanislav wrote:
What can I do, if ITbrain Anti-Malware detects leg...

We’re constantly working on reducing false-positive reports to a minimum. However, some applications or files are reported as malware due to bad programming practices (e.g. applications that change the Master Boot Record, add registry entries, change system files without the user’s confirmation, or execute custom macros in office applications).

To identify and white-list such applications or files, we ask you to send us the detected file(s) as described below:

Note: These files will be used for malware analysis only and will be treated accordingly.

  1. Open the Policies tab under ITbrain -> Anti-malware board -> Manage Policies tab within the TeamViewer Management Console.
  2. Click on the policy that is assigned to the computer which sent the false-positive report and deactivate Real-time protection.
  3. Locate the file(s) on your drive.
    • Open the View Report tab under Anti-malware board 
    • Click on the Threat name from the list.
    • Copy the path of the detected file(s).
    • Click the Restore from quarantine button.
  4. Add the detected file(s) to a zip file using a file compression software of your choice.
    • Password protect the zip file with the password "infected".
  5. Attach the zip file to an email and send it to: support@itbrain.com.
    • Make sure to write “FALSE POSITIVE” in the message body.
  6. Reactivate the Anti-Malware's real-time protection.

After the analysis, we will inform you if the file was declared clean and white-listed, or if it was used in a malicious manner.