Antivirus false positive

Any issues related to FORScan application
geierbj
Posts: 1
Joined: Sat Mar 07, 2020 3:16 am
Vehicle: F150, 5.0L. 2019

Re: Antivirus false positive

Post by geierbj »

Rapid7 Insight Agent seems to be detecting new version as a virus also and deletes the install file as soon as it completes its download.
rick_2k
Posts: 1
Joined: Fri Jun 08, 2018 2:51 pm
Vehicle: Mondeo, 1.5 Petrol, 2015

Re: Antivirus false positive

Post by rick_2k »

2.3.33beta is showing as positive in Windows Defender as of today with Win32/Wacatac.
Flyguy30263
Posts: 1
Joined: Sun May 10, 2020 12:02 am
Vehicle: 2019 FORD F250 SUPER DUTY 6.7

Re: Antivirus false positive

Post by Flyguy30263 »

2.3.33beta is showing as positive in Windows Defender as of today with Win32/Wacatac.
Top
I'm having this same issue. Only Windows computer I have access to is my work computer, I'm an Apply guy, I'm not the admin for my company computer. Now what.
f-wolf
Posts: 994
Joined: Sat Apr 18, 2015 12:41 am
Vehicle: *** Ford ***
Location: Third planet from the sun

Re: Antivirus false positive

Post by f-wolf »

tim100
Posts: 5
Joined: Mon Oct 12, 2020 8:25 am
Vehicle: suzuki , petrol , 1.4L , 2018

Re: Antivirus false positive

Post by tim100 »

Use VirusTotal to Get More Opinions
If you download a file and your antivirus jumps into action and informs you the file is harmful, it probably is. If you’ve run into a false positive and the file is actually safe, most other antivirus programs shouldn’t make the same mistake. In other words, if this is a false positive, only a few antivirus programs should flag the file as dangerous, while most should say it’s safe. That’s where VirusTotal comes in — it lets us scan a file with 45 antivirus programs so we can see what they all think of it.

Check a Malware Database
When an antivirus flags a file, it will give you a specific name for the type of malware it is. Plug this name into a search engine like Google and you should find links to malware database websites written by antivirus companies. They’ll tell you exactly what the file does and why it’s blocked.

In some cases, files that have legitimate uses may be flagged as malware and blocked because they can be used for malicious purposes. For example, some antivirus programs will block VNC server software. VNC server software may be installed by someone malicious so they can remotely access your computer, but it’s safe if you know what you’re doing and intend on installing a VNC server yourself.

Hope this helps.
jmlay
Posts: 1
Joined: Wed Nov 04, 2020 10:21 pm
Vehicle: Ford, 3.5 2017

Re: Antivirus false positive

Post by jmlay »

Cisco Advanced Malware Protection (AMP) detects the FORscan.exe as malware.
tractmec
Posts: 445
Joined: Thu May 26, 2016 11:43 pm
Vehicle: F150 5.4 Triton 2005 Expy5.4 2003 Fusion 3.0 2010

Re: Antivirus false positive

Post by tractmec »

Its A False Positive as the Forscan team reported in the first post in this thread. Some Aniti virus's have not yet been updated still!
tmcolegr
Posts: 2
Joined: Wed Feb 15, 2017 8:24 pm
Vehicle: 2019 Ford F150 3.5L Ecoboost

Re: Antivirus false positive

Post by tmcolegr »

Windows Defender is flagging v2.3.37 as malware
tschrist
Posts: 1
Joined: Mon Nov 30, 2020 4:20 pm
Vehicle: 2017 Ford Raptor

Re: Antivirus false positive

Post by tschrist »

same here

Image

screen cap of threat scan

I was able to download by removing my downloads folder from scans
then ran the file, and it of course gets scanned during install
at least with the file running I can allow MS Defender to leave the file alone
running fine now

definitely not an easy for for folks who aren't PC savvy... but there are workarounds
User avatar
fordsmax471
Posts: 887
Joined: Mon Aug 07, 2017 5:29 pm
Vehicle: Ford S-Max 2.0 TDCi 2017 PowerShift

Re: Antivirus false positive

Post by fordsmax471 »

:arrow: How to prevent Windows Defender from scanning FORScan program and files
1. Open Windows Defender Security Center.
2. Click Virus & threat protection.
3. Click the Virus & threat protection option.
4. Under "Exclusions," click the Add or remove exclusions option.
5. Click the Add an exclusion button.
6. Select the content you want to exclude from Windows Defender Antivirus, such as:
7. File — Excludes only one file per exclusion. C:\Program Files (x86)\FORScan\FORScan.exe
8. Process — Excludes background processes by name. C:\Program Files (x86)\FORScan\FORScan.exe

:arrow: Allow FORScan through defender firewall

1. Open Windows Security.
2. Click on Firewall & network protection.
3. Click the Allow an app through firewall link.
4. Click the Change settings button.
5. Click the Allow another app button to locate the application you want to allow. C:\Program Files (x86)\FORScan\FORScan.exe
6. Select the which type of networks an app can access the network:
7. Private — Allows the app access to the network at home or work.
8. Public — Allows the app access to the network at a public place, such as on a coffee shop.
9. Click the OK button.

Now FORScan works very stable ;)
FORScan 2.4.3/UCDS 4/Elitebook G6/Win10 pro
Post Reply