Antivirus false positive
Re: Antivirus false positive
Rapid7 Insight Agent seems to be detecting new version as a virus also and deletes the install file as soon as it completes its download.
Re: Antivirus false positive
2.3.33beta is showing as positive in Windows Defender as of today with Win32/Wacatac.
-
- Posts: 1
- Joined: Sun May 10, 2020 12:02 am
- Vehicle: 2019 FORD F250 SUPER DUTY 6.7
Re: Antivirus false positive
I'm having this same issue. Only Windows computer I have access to is my work computer, I'm an Apple guy, I'm not the admin for my company computer. Now what.
Re: Antivirus false positive
Use VirusTotal to Get More Opinions
If you download a file and your antivirus jumps into action and informs you the file is harmful, it probably is. If you’ve run into a false positive and the file is actually safe, most other antivirus programs shouldn’t make the same mistake. In other words, if this is a false positive, only a few antivirus programs should flag the file as dangerous, while most should say it’s safe. That’s where VirusTotal comes in — it lets us scan a file with 45 antivirus programs so we can see what they all think of it.
Check a Malware Database
When an antivirus flags a file, it will give you a specific name for the type of malware it is. Plug this name into a search engine like Google and you should find links to malware database websites written by antivirus companies. They’ll tell you exactly what the file does and why it’s blocked.
In some cases, files that have legitimate uses may be flagged as malware and blocked because they can be used for malicious purposes. For example, some antivirus programs will block VNC server software. VNC server software may be installed by someone malicious so they can remotely access your computer, but it’s safe if you know what you’re doing and intend on installing a VNC server yourself.
Hope this helps.
Re: Antivirus false positive
Cisco Advanced Malware Protection (AMP) detects the FORscan.exe as malware.
-
- Posts: 1262
- Joined: Thu May 26, 2016 11:43 pm
- Vehicle: F150 5.4 Triton 2005 Expy5.4 2003 Fusion 3.0 2010
Re: Antivirus false positive
It's a false positive, as the FORScan team reported in the first post in this thread. Some antivirus products have still not been updated!
Do not PM me unless I expressly ask you to for a consultation!! I am not an Admin nor am I a member of the FORScan Team and all questions should be asked and answered on the Open Forum so all can benefit!
Re: Antivirus false positive
Windows Defender is flagging v2.3.37 as malware
Re: Antivirus false positive
same here

screen cap of threat scan
I was able to download by removing my downloads folder from scans
then ran the file, and it of course gets scanned during install
at least with the file running I can allow MS Defender to leave the file alone
running fine now
definitely not an easy fix for folks who aren't PC savvy... but there are workarounds

- fordsmax471
- Posts: 1220
- Joined: Mon Aug 07, 2017 5:29 pm
- Vehicle: Ford S-Max 2.0 TDCi 2017 PowerShift
Re: Antivirus false positive

1. Open Windows Defender Security Center.
2. Click Virus & threat protection.
3. Click the Virus & threat protection option.
4. Under "Exclusions," click the Add or remove exclusions option.
5. Click the Add an exclusion button.
6. Select the content you want to exclude from Windows Defender Antivirus, such as:
   - File — Excludes only one file per exclusion. C:\Program Files (x86)\FORScan\FORScan.exe
   - Process — Excludes background processes by name. C:\Program Files (x86)\FORScan\FORScan.exe

1. Open Windows Security.
2. Click on Firewall & network protection.
3. Click the Allow an app through firewall link.
4. Click the Change settings button.
5. Click the Allow another app button to locate the application you want to allow. C:\Program Files (x86)\FORScan\FORScan.exe
6. Select which type of networks the app can access:
   - Private — Allows the app access to the network at home or work.
   - Public — Allows the app access to the network at a public place, such as a coffee shop.
7. Click the OK button.
Now FORScan works very stable
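
The Defender exclusion steps from the post above, scripted so that the exclusion covers only the one file and can be audited and removed later. This is an added example, not part of the original post or of FORScan's documentation; it assumes an elevated PowerShell session with the built-in Defender cmdlets and the install path given in the post.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Install path is the one quoted in the post.
$target = 'C:\Program Files (x86)\FORScan\FORScan.exe'

# 1. Record exactly what is about to be trusted.
$hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
$sig  = Get-AuthenticodeSignature -LiteralPath $target
Write-Host "SHA-256  : $hash"     # can be searched on VirusTotal without uploading the file
Write-Host "Signature: $($sig.Status)"
if ($sig.SignerCertificate) {
    Write-Host "Signer   : $($sig.SignerCertificate.Subject)"
}

# A signed file that no longer matches its signature was changed after signing.
if ($sig.Status -eq 'HashMismatch') {
    throw 'Signature does not match file contents; not adding an exclusion.'
}
if ($sig.Status -ne 'Valid') {
    Write-Warning 'No valid Authenticode signature; confirm the file came from the publisher before trusting it.'
}

# 2. Show what Defender recorded for this path before overriding it.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($target) } |
    Select-Object ThreatID, InitialDetectionTime, Resources |
    Format-List

# 3. Exclude the single file rather than a folder.
Add-MpPreference -ExclusionPath $target

# 4. Audit all path exclusions. A folder-wide entry (for example a Downloads
#    folder) leaves everything written there unscanned.
$paths = @((Get-MpPreference).ExclusionPath) | Where-Object { $_ }
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Container) {
        Write-Warning "Folder-wide exclusion: $p"
    } else {
        Write-Host "Other exclusion: $p"
    }
}

# 5. Once the antivirus definitions are updated and the detection clears,
#    remove the exclusion again:
# Remove-MpPreference -ExclusionPath $target
```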
