Difference between revisions of "Troubleshooting AntiVirus false positives"
Line 12: | Line 12: | ||
f-secure does not report a virus or trojan but complains about the setup and executable of regibox (eg regibox.exe) to be some not very often used software. Sadly, this is very penetrative during setup but you can chose to continue and after the setup finished it is quiet. We reported this as a false alert to f-secure. We do not expect any reaction... | f-secure does not report a virus or trojan but complains about the setup and executable of regibox (eg regibox.exe) to be some not very often used software. Sadly, this is very penetrative during setup but you can chose to continue and after the setup finished it is quiet. We reported this as a false alert to f-secure. We do not expect any reaction... | ||
− | '''AVG Antivirus''' (September 2015)<br> | + | '''AVG Antivirus''' (September 2015, November 2016)<br> |
The first reported false positive was on ''regibox-1.2.1-3025.exe'' and also ''regify_client-4.1.2-2466.exe''. Both false positives are reported to AVG. Status pending.<br> | The first reported false positive was on ''regibox-1.2.1-3025.exe'' and also ''regify_client-4.1.2-2466.exe''. Both false positives are reported to AVG. Status pending.<br> | ||
In order to install the regibox manager or regify client, right-click the AVG icon in the system tray next to the clock. Click ''Temporarily disable AVG protection'' and select a few minutes to install the software. Now run the downloaded regify setup. Please re-activate protection directly after successfully installation. Alternatively, if already detected, you can chose to create an exception on that file.<br> | In order to install the regibox manager or regify client, right-click the AVG icon in the system tray next to the clock. Click ''Temporarily disable AVG protection'' and select a few minutes to install the software. Now run the downloaded regify setup. Please re-activate protection directly after successfully installation. Alternatively, if already detected, you can chose to create an exception on that file.<br> | ||
Line 23: | Line 23: | ||
'''UPDATE:''' Since end of November 2015 the most recent setups seem to work now without any false alert. So Trend Micro fixed it. | '''UPDATE:''' Since end of November 2015 the most recent setups seem to work now without any false alert. So Trend Micro fixed it. | ||
− | '''Kaspersky''' (February 2013)<br> | + | '''Kaspersky''' (February 2013, December 2016)<br> |
− | The Kaspersky 2012 virus scanner reports a false positive for ''regify.dll'' and classifies the file as ''Trojan-PSW.Win32.Tepfer.gevv''. The false positive was reported to Kaspersky on 25. February. The regify.dll is part of the regify client-sdk. | + | The Kaspersky 2012 virus scanner reports a false positive for ''regify.dll'' and classifies the file as ''Trojan-PSW.Win32.Tepfer.gevv''. The false positive was reported to Kaspersky on 25. February. The regify.dll is part of the regify client-sdk.<br> |
+ | UPDATE: We got a customer report that regify_client.exe is detected as virus from Kasperski on 05. December 2016. We reported the false alert to Kasperski. | ||
'''Trend Micro''' (November 2011)<br> | '''Trend Micro''' (November 2011)<br> |
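Review bot: The added UPDATE line in the Kaspersky hunk spells the vendor "Kasperski" twice, while the heading and the sentence before it use "Kaspersky"; please use one spelling. The label is also plain "UPDATE:", whereas the Trend Micro context line above uses bold '''UPDATE:'''. The entry names regify_client.exe without a setup version, unlike the AVG entry (regify_client-4.1.2-2466.exe), so readers cannot tell which build was flagged.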
Revision as of 10:38, 5 December 2016
Occasionally, antivirus software detects the regify client setup, or parts of it, as a virus. These are false positives.
To validate that you have the correct setup, please ensure that it has been downloaded directly from your regify provider.
Do not trust setups that have been downloaded from pages other than your regify provider (the one you signed up with) or www.regify.com itself!
known false positives
Webroot Antivirus (October 2015)
The false positive seems to be on regimail. We created a support ticket and reported the false alert. No response so far.
f-secure (October 2015)
f-secure does not report a virus or trojan, but flags the setup and executable of regibox (e.g. regibox.exe) as rarely used software. Sadly, this is very intrusive during setup, but you can choose to continue, and after the setup has finished it stays quiet. We reported this as a false alert to f-secure. We do not expect any reaction...
AVG Antivirus (September 2015, November 2016)
The first reported false positive was on regibox-1.2.1-3025.exe and also regify_client-4.1.2-2466.exe. Both false positives have been reported to AVG. Status pending.
To install the regibox manager or regify client, right-click the AVG icon in the system tray next to the clock. Click Temporarily disable AVG protection and select a few minutes to install the software. Now run the downloaded regify setup. Please re-activate protection directly after successful installation. Alternatively, if the file has already been detected, you can choose to create an exception for that file.
UPDATE: We tested again on 19. October 2015 and AVG still reports a false positive. Sadly, the contained files regify_OLAddIn_x32_Setup.exe and regify_OLAddIn_x64_Setup.exe for the Outlook AddIns now also trigger a false alarm. We will report this to AVG, too. Status pending.
UPDATE: Again, on 24. November 2016, AVG still triggers false alerts for the regify client setup (V4.2.1) and also the contained Outlook setups. To continue, please let it ignore this false alert by choosing the small "other options" link at the bottom of the alert and force it to allow the program. We are sorry for this, but AVG seems to ignore all our requests.
Trend Micro (September 2015)
The false positive was on regify_client_setup-4.1.2-2466_elevated.exe. The false positive has been reported to Trend Micro. Status is pending.
To install, please deactivate the Trend Micro virus scanner for the duration of the installation (before running the setup). To deactivate, right-click the Trend Micro symbol in your ToolTray (bottom right of the Windows desktop) and uncheck the virus scanner. Now run the downloaded regify setup. Please re-activate protection directly after successful installation.
UPDATE: Since the end of November 2015, the most recent setups seem to work without any false alert. So Trend Micro fixed it.
Kaspersky (February 2013, December 2016)
The Kaspersky 2012 virus scanner reports a false positive for regify.dll and classifies the file as Trojan-PSW.Win32.Tepfer.gevv. The false positive was reported to Kaspersky on 25. February. The regify.dll is part of the regify client-sdk.
UPDATE: We got a customer report that regify_client.exe was detected as a virus by Kaspersky on 05. December 2016. We reported the false alert to Kaspersky.
Trend Micro (November 2011)
The false positive was on regify_client_setup_elevated.exe and on a registry key. This is used by our MSI setup and happens directly on setup. The false positive is reported to Trend Micro. Status is pending.
To install, please deactivate the Trend Micro virus scanner for the duration of the installation (before running the setup). To deactivate, right-click the Trend Micro symbol in your ToolTray (bottom right of the Windows desktop) and uncheck the virus scanner. Please re-activate it directly after successful installation.
Norton Internet Security (October 2011)
The false positive was on regify_client.exe. It was reported, acknowledged and confirmed by Symantec in September 2011 and seems to be gone now (17. October 2011).
The only way to install was to explicitly allow and accept the file in your Norton software.
Avast (July 2011)
Sometimes, Avast suggests that you install in the Sandbox. Simply answer this question with no and choose to run normally.
other virusscanner issues
ESET SSL/TLS protocol filtering
If your regify product cannot connect to the internet and reports error 59, and you are running an ESET security solution, you might need to disable the SSL/TLS protocol filtering. With this feature, ESET tries to intercept every secured communication. It does this so poorly that any software which checks the security of the established connection detects the connection as invalid. regify creates logfile entries with the remark
Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
Follow this ESET guide to adapt your ESET settings.
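To confirm that TLS filtering is the cause before changing ESET settings, the following added example (not regify's or ESET's code) counts the two symptoms named above in a logfile and compares the issuer of the certificate this machine actually receives with the issuer the provider's certificate is expected to have. The log layout, the sample certificates and the expected issuer names are assumptions for illustration.

```python
import re
import socket
import ssl

# Remark quoted on this page; 0x80092012 is the Windows error code for
# "the revocation function was unable to check revocation".
REVOCATION_CODE = "0x80092012"
ERROR_59 = re.compile(r"\berror\s+59\b", re.IGNORECASE)

def triage_log(lines):
    """Count the two symptoms the page names in an iterable of log lines."""
    hits = {"revocation_failed": 0, "error_59": 0}
    for line in lines:
        if REVOCATION_CODE in line.lower():
            hits["revocation_failed"] += 1
        if ERROR_59.search(line):
            hits["error_59"] += 1
    return hits

def issuer_common_name(peercert):
    """Issuer CN from the dict returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def is_reissued(peercert, expected_issuers):
    """True when the certificate was signed by an issuer the provider does
    not use, which is what a local TLS-filtering proxy produces."""
    return issuer_common_name(peercert) not in expected_issuers

def fetch_peercert(host, port=443, timeout=5.0):
    """Certificate as seen from this machine (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample data: the log layout and both certificate dicts are
# assumptions; only the quoted remark comes from the page.
SAMPLE_LOG = [
    "2016-12-05 10:12:01 connect failed, error 59",
    "2016-12-05 10:12:01 Unknown error (0x80092012) - The revocation function "
    "was unable to check revocation for the certificate.",
    "2016-12-05 10:12:09 retry scheduled",
]
DIRECT = {"issuer": ((("organizationName", "Example Public CA"),),
                     (("commonName", "Example Public CA G2"),))}
FILTERED = {"issuer": ((("commonName", "Local Filter Root (placeholder)"),),)}
```

Run `fetch_peercert` against your provider's host once with filtering on and once from an unfiltered machine, then pass the result to `is_reissued`. If the call raises `ssl.SSLCertVerificationError`, the presented chain is not trusted by this Python installation, which is worth recording as well.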
McAfee VirusScan (May 2012)
We learned that McAfee VirusScan blocks all port 25 communication by default. By default, it allows only well-known software (Outlook) to use this port.
Here is the McAfee Knowledgebase article: KB50707
A quick way to validate this is to temporarily disable the virus scanner for a short time while you run your tests.
Symantec Endpoint Security (March 2013)
SEP uses email proxy functionality that interferes especially with the SMTP sending features of regipay desktop and regibill desktop. We found several issues, such as transmission problems, timeouts and occasional RSET commands in the data flow. To work around these issues, you need to turn off the Internet Email Auto-Protect feature.
If you are not able to deactivate this, you can go to Control Panel, Programs and Features (formerly Add/Remove Programs), Symantec, Change, and remove the POP3/SMTP Scanner feature.