Difference between revisions of "Troubleshooting AntiVirus false positives"

From regify WIKI
Line 30: Line 30:
 
===Symantec Endpoint Security (March 2013)===
 
===Symantec Endpoint Security (March 2013)===
 
SEP is using some email proxy functionality that interferres especially with regipay desktop and regibill desktop SMTP sending features. We found several issues like transmission problems, timeouts and occasional RSET commands in data flow. In order to workaround these issues, you need to turn off the '''Internet Email Auto-Protect''' feature.
 
SEP is using some email proxy functionality that interferres especially with regipay desktop and regibill desktop SMTP sending features. We found several issues like transmission problems, timeouts and occasional RSET commands in data flow. In order to workaround these issues, you need to turn off the '''Internet Email Auto-Protect''' feature.
[[File:SEP_AutoProtect.jpg]]
+
 
 +
[[File:SEP_AutoProtect.jpg|220px]]
  
 
If you are not able to deactivate this, you might go to ''Control Panel, Programs and Features (was Add/remove Programs), Symantec, Change'' and remove the '''POP3/SMTP Scanner''' feature.
 
If you are not able to deactivate this, you might go to ''Control Panel, Programs and Features (was Add/remove Programs), Symantec, Change'' and remove the '''POP3/SMTP Scanner''' feature.
[[File:SEP_CustomSetup.jpg]]
+
 
 +
[[File:SEP_CustomSetup.jpg|220px]]
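Review bot: the two resized embeds, [[File:SEP_AutoProtect.jpg|220px]] and [[File:SEP_CustomSetup.jpg|220px]], still have no caption or alt text, so a reader who cannot make out the 220px image has nothing that says which setting or dialog it illustrates. Consider the thumb form with a caption, for example [[File:SEP_AutoProtect.jpg|thumb|220px|Internet Email Auto-Protect]], and the equivalent for the custom setup image.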

Revision as of 11:34, 13 March 2013

Occasionally, antivirus software detects the regify client setup, or parts of it, as a virus. These are false positives.

To verify that you have the correct setup, please ensure that it was downloaded directly from your regify provider using an https URL.

Do not trust setups that were downloaded from anywhere other than your regify provider (the one at which you signed on) or directly from www.regify.com!

known false positives

Norton Internet Security (October 2011)
The false positive was on regify_client.exe. It was reported, acknowledged and confirmed by Symantec in September 2011 and seems to be gone now (17 October 2011).
The only way to install was to explicitly allow and accept the file in your Norton software.

Trend Micro (November 2011)
The false positive was on regify_client_setup_elevated.exe and on a registry key. This file is used by our MSI setup, and the detection happens directly during setup. The false positive has been reported to Trend Micro. Status is pending.
To install, please deactivate the Trend Micro virus scanner for the duration of the installation (before running the setup). To deactivate it, right-click the Trend Micro symbol in your tool tray (bottom right of the Windows desktop) and uncheck the virus scanner. Please re-activate it directly after successful installation.

Avast (July 2011)
Sometimes Avast suggests installing in the sandbox. Simply answer this question with no and choose to run normally.

Kaspersky (February 2013)
The Kaspersky 2012 virus scanner reports a false positive for regify.dll and classifies the file as Trojan-PSW.Win32.Tepfer.gevv. The false positive was reported to Kaspersky on 25 February. The regify.dll is part of the regify client-sdk.

other virus scanner issues

McAfee VirusScan (May 2012)

We learned that McAfee VirusScan blocks all port 25 communication by default. It allows only well-known software (Outlook) to use this port by default.
Here is the McAfee Knowledgebase article: KB50707
A quick way to validate this is to temporarily disable the virus scanner for a short time while you run your tests.

Symantec Endpoint Security (March 2013)

SEP uses some email proxy functionality that interferes especially with the SMTP sending features of regipay desktop and regibill desktop. We found several issues like transmission problems, timeouts and occasional RSET commands in the data flow. To work around these issues, you need to turn off the Internet Email Auto-Protect feature.

SEP AutoProtect.jpg

If you are not able to deactivate this, you can go to Control Panel, Programs and Features (was Add/remove Programs), Symantec, Change and remove the POP3/SMTP Scanner feature.

SEP CustomSetup.jpg
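
One way to check a captured SMTP session for the symptoms described above (RSET commands in the data flow, sessions that stop in a timeout). This is an added example, not regify or Symantec code; the "C:"/"S:" transcript format, the sample session and the function name analyze are constructed for illustration.

```python
# Constructed sample: "C:" = command seen going to the server, "S:" = server reply.
SAMPLE = """\
C: EHLO client.example.test
S: 250 mail.example.test
C: MAIL FROM:<a@example.test>
S: 250 OK
C: RSET
S: 250 OK
C: MAIL FROM:<a@example.test>
S: 250 OK
C: RCPT TO:<b@example.test>
S: 250 OK
C: DATA
S: 354 go ahead
C: RSET is only text inside the body
C: .
S: 250 queued
C: MAIL FROM:<a@example.test>
S: 250 OK
"""

def analyze(transcript):
    """Return (line_number, finding) for every aborted or unfinished mail transaction."""
    findings, state, want_354, n = [], "idle", False, 0
    for n, line in enumerate(transcript.splitlines(), 1):
        who, _, text = line.partition(" ")
        if state == "data":                 # message body: commands here are just content
            if who == "C:" and text == ".":
                state = "sent"              # terminator sent, final reply pending
            continue
        if who == "C:":
            verb = text.upper()
            if verb.startswith("MAIL FROM"):
                state = "envelope"
            elif verb.startswith("RSET") and state == "envelope":
                findings.append((n, "RSET aborted an open transaction"))
                state = "idle"
            want_354 = verb == "DATA"       # only the next reply may open the body
        elif who == "S:":
            if want_354 and text.startswith("354"):
                state = "data"
            elif state == "sent":
                if not text.startswith("2"):
                    findings.append((n, "message rejected after DATA"))
                state = "idle"
            want_354 = False
    if state != "idle":                     # capture stopped mid-transaction, e.g. a timeout
        findings.append((n, "session ended mid-transaction (state: %s)" % state))
    return findings
```

A finding is a reason to compare the capture with the sending application's own log: an RSET that the application never issued points to something between it and the server.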