VMware Horizon Community
TestingThinapp
Contributor

Thinapp infected?

I installed VMware-ThinApp-Enterprise-4.5.0-238809.exe and Avast reports setup capture.exe and log_monitor.exe as infected by win32:trojan-gen. Is this possible?

Plus, after downloading, the MD5 and SHA-1 signatures don't match the ones on the download page.

0 Kudos
12 Replies
AnatolyVilchins

Maybe try to download and reinstall it:

http://downloads.vmware.com/d/info/desktop_downloads/vmware_thinapp/4_5

iSCSI Software Support Department

Kind Regards, Anatoly Vilchinsky
0 Kudos
TestingThinapp
Contributor

Re-downloaded, signatures now match, but Avast still flags setup capture.exe and log_monitor.exe as infected. I seem to remember yesterday the signatures at the download page ended in ('), which is not the case today. The (') is gone. Even stranger, at VirusTotal log_monitor.exe is reported as infected by 8 antivirus products. So what is going on?

0 Kudos
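An added example, not part of the original thread or of any VMware tooling: one way to check a downloaded installer against the MD5 and SHA-1 values published on a download page, tolerating stray quote characters such as the trailing (') mentioned above. The function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import tempfile

def normalize_published(value):
    """Strip whitespace and stray quote characters copied from a web page."""
    cleaned = value.strip().strip("'\"`´’‘").strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError(f"not a hex digest: {value!r}")
    return cleaned

def file_digests(path, algorithms=("md5", "sha1"), chunk_size=1 << 20):
    """Read the file once in chunks and return {algorithm: hexdigest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def verify_download(path, published):
    """Compare the file with the published digests; return {algorithm: bool}."""
    actual = file_digests(path, tuple(published))
    results = {}
    for name, value in published.items():
        expected = normalize_published(value)
        # A truncated or padded copy-paste is an input error, not a mismatch.
        if len(expected) != hashlib.new(name).digest_size * 2:
            raise ValueError(f"{name} digest has wrong length: {value!r}")
        results[name] = hmac.compare_digest(actual[name], expected)
    return results

if __name__ == "__main__":
    # Constructed sample standing in for the downloaded installer.
    data = b"constructed sample installer bytes"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
    published = {
        "md5": hashlib.md5(data).hexdigest().upper() + "'",  # stray quote
        "sha1": hashlib.sha1(data).hexdigest(),
    }
    print(verify_download(tmp.name, published))
```

A match only shows that the file is the one the page describes; it does not settle whether an antivirus detection on that file is a false positive.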
admin
Immortal

SetupCapture.exe and LogMonitor.exe are shipped as ThinApp executables themselves. There are a lot of false positives on ThinApp executables, perhaps because ThinApp uses a number of techniques (like API hooking) that are also used by malware.

0 Kudos
AnatolyVilchins

Yeah, agree with .

You may try to scan with another antivirus. NOD32, for example.

iSCSI Software Support Department

Kind Regards, Anatoly Vilchinsky
0 Kudos
TestingThinapp
Contributor

Ok, that's a better honest answer. Then for $6000, this product is unusable. It's hard to convince people about false positives. Pity, such a good product.

0 Kudos
admin
Immortal

Thank you, I try very hard to always provide honest answers. Even if that means that apparently we get blamed for faulty signatures in other people's products. Sorry to hear ThinApp is not working out for you.

0 Kudos
TestingThinapp
Contributor

Oh no! Don't get me wrong. It works like a charm!! I like ThinApp very much! It's just that end-users get overly suspicious over these things. Maybe VMware can work around this. It's not good for their business to be tagged by AV companies. I know other companies have gotten their products un-tagged in the past.

0 Kudos
jeffS2
Contributor

False positives are a fact of life. Unfortunately, the malware writers are to blame. Antivirus companies are struggling to keep up with the amazing amount of new malware. For example, just this last year Symantec created more definitions for new malware than they have in the last 18 years combined! Your best bet when you get these false positives is to send them to your antivirus company (most have methods for doing so), so they can fix their definitions. It's not just VMware software but many other legit packages sometimes match anti-virus signature patterns because malware is in all senses another application (just happens to be malicious) and they use very common techniques that legit packages may use as well. Some AV companies are better with false positives. I can tell you from experience Avast is one of the worst. You get what you pay for.

0 Kudos
NickOn
Enthusiast

People should just report false detections to the antivirus companies.

The more such reports there are, the faster the companies will exclude Thin-packages and ThinApp from their databases.

0 Kudos
AnatolyVilchins

I don't think that it will bring any results - thin packages are similar to malware, so excluding them potentially means new "holes" for virus developers.

iSCSI Software Support Department

Kind Regards, Anatoly Vilchinsky
0 Kudos
TestingThinapp
Contributor

@jeffS2

I'm aware of false positives and getting what you pay for with free Avast. So just to be sure, go to VirusTotal. ThinApp gets 9/41 detections, making matters even worse.

Guys, I know this sucks for everybody.

0 Kudos
jeffS2
Contributor

Excluding the file yourself and sending it to the AV company are two different things. If you send it to your AV company, they will actually fix the false positive in their next definition release (after they analyze it to ensure it doesn't contain malware, of course). At least that's how Symantec does it and I'm sure other AV companies have similar procedures. Do it all the time with homegrown software made by employees in our company and even commercial software that sometimes gets detected after some new def release. Doesn't lower security if you do it this way. Excluding things on your own is a different story (depending on if you exclude by specific file name, folder, file extension). I avoid those types of exclusions as much as possible.

0 Kudos