Antivirus Issues #8473

Open
Nightblade opened this issue Feb 13, 2025 · 1 comment
Nightblade commented Feb 13, 2025

Antivirus Issues

Common Symptoms

  • PoB executable flagged as a trojan or malware.
  • Installation or update fails due to antivirus interference.
  • Application crashes or disappears after installation.

False Positives

Antivirus software sometimes mistakenly identifies legitimate software as malicious. This can occur due to:

  • Heuristic Analysis: Antivirus software uses heuristics to detect new, unknown threats. These heuristics can sometimes flag benign software that behaves similarly to malware.
  • Software Packaging: The way software is packaged or compressed can resemble the techniques used by malware, leading to false positives.
  • Frequent Updates: Software that updates frequently, like PoB, might trigger antivirus software to flag it as suspicious.

Recommended Steps

  1. Use Windows Defender:

    • If you're using a third-party antivirus solution that is known for generating false positives, for example AVG, Avast, McAfee, or Norton, consider switching to Windows Defender, the built-in antivirus solution on Windows. Windows Defender provides robust protection and is less likely to produce false positives compared to some third-party antivirus solutions.
  2. Add An Exception:

    • Add the PoB executable file to the exclusion list of your antivirus software.
  3. Manual Installation:

    • If automatic updates fail, download the latest version manually from the Releases page.
  4. Report False Positives:

    • Report the false positive to your antivirus vendor to help improve their detection algorithms.

Advanced: Scanning the Executable with VirusTotal

  1. Visit VirusTotal:

  2. Upload the File:

    • Click on the "Choose file" button and select the PoB executable file.
    • Alternatively, you can drag and drop the file into the designated area on the VirusTotal website.
  3. Analyze the File:

    • Click on the "Confirm upload" button to start the analysis.
    • VirusTotal will scan the file using multiple antivirus engines and provide a detailed report.
  4. Review the Report:

    • Check the report for detections. If the file is flagged by a small number of antivirus engines, they are probably false positives.
    • Look for detections labeled with "ML" (Machine Learning). These detections often indicate heuristic or behavior-based analysis, which can be prone to false positives.
    • If a large number of engines flag the file, proceed with caution and report the issue to us.
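
The "Review the Report" step above can also be applied to a saved report. This is an added example, not part of the original post or the project's code. It assumes the `last_analysis_results` layout of a VirusTotal API v3 file report; the engine names, labels and the threshold of 5 for "a small number" are constructed for illustration.

```python
import json
import re

# Constructed sample shaped like the last_analysis_results map of a
# VirusTotal API v3 file report; engine names and labels are made up.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "EngineA": {"category": "undetected", "result": null},
  "EngineB": {"category": "malicious", "result": "Trojan.Generic.ML"},
  "EngineC": {"category": "malicious", "result": "Gen:Variant.Packed"},
  "EngineD": {"category": "suspicious", "result": "HTML.Heur.Dropper"},
  "EngineE": {"category": "type-unsupported", "result": null},
  "EngineF": {"category": "harmless", "result": null}
}}}}
""")

SMALL_NUMBER = 5  # assumption: the post only says "a small number"
# Categories that mean the engine actually scanned the file.
SCANNED = {"malicious", "suspicious", "undetected", "harmless"}


def is_ml_label(label):
    """True when 'ML' appears as its own token, so 'HTML' does not match."""
    tokens = re.split(r"[^A-Za-z0-9]+", label or "")
    return "ML" in (t.upper() for t in tokens)


def triage(report, small_number=SMALL_NUMBER):
    """Summarise a report using the review rules from the post."""
    results = report["data"]["attributes"]["last_analysis_results"]
    # Ignore engines that timed out or do not support the file type.
    scanned = {e: r for e, r in results.items() if r["category"] in SCANNED}
    flagged = {e: r.get("result") or "" for e, r in scanned.items()
               if r["category"] in ("malicious", "suspicious")}
    ml = sorted(e for e, label in flagged.items() if is_ml_label(label))
    if not flagged:
        verdict = "no detections"
    elif len(flagged) <= small_number:
        verdict = "probably false positives"
    else:
        verdict = "proceed with caution and report"
    return {"scanned": len(scanned), "flagged": sorted(flagged),
            "ml_labelled": ml, "verdict": verdict}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```
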

zerogott commented Feb 13, 2025

One Detection is from AI (Trellix) (most likely doesn't know how to handle the signature).
One Detection is because the file is unknown to the Antivir (Trapmine).
The other Two Detections are from Garbage Software that should not be used in the first place anyway.

If I had to guess, all 4 of them will clear themselves within the next days since that .exe was just released.
Just adding this here before somebody complains.
