Difference between revisions of "Troubleshooting AntiVirus false positives"

From regify WIKI
Line 1: Line 1:
 
It happens occasionally, that AntiVirus software detects the regify client setup or parts of it as virus. This are false positives.
 
It happens occasionally, that AntiVirus software detects the regify client setup or parts of it as virus. This are false positives.
  
In order to validate, if you have the correct setup, please ensure that the setup has been downloaded <u>directly from your regify provider</u> using a <u>https URL</u>.
+
In order to validate, if you have the correct setup, please ensure that the setup has been downloaded <u>directly from your regify provider</u>.
  
 
'''<span style="color: #AA0000;">Do not trust setups that have been downloaded from other pages than your regify provider (at which you signed on) or directly at www.regify.com!</span>'''
 
'''<span style="color: #AA0000;">Do not trust setups that have been downloaded from other pages than your regify provider (at which you signed on) or directly at www.regify.com!</span>'''
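Review bot: the rewritten sentence "In order to validate ... directly from your regify provider" drops the "using a https URL" condition, so the page no longer asks readers to check the transport at all. If this was removed because some providers do not serve the setup over https, say so in the text. Otherwise keep the condition, since the red warning that follows only covers which site the setup comes from.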

Revision as of 08:35, 29 September 2015

Occasionally, antivirus software detects the regify client setup, or parts of it, as a virus. These are false positives.

To validate that you have the correct setup, please ensure that it has been downloaded directly from your regify provider.

Do not trust setups that have been downloaded from pages other than your regify provider (at which you signed on) or directly from www.regify.com!
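One way to check where a setup file came from before overriding an antivirus verdict, as an added example that is not part of the regify wiki: browsers on Windows record the download URL in the file's `Zone.Identifier` alternate data stream, and the script below checks that URL against an allowlist and requires https, as the earlier revision of this page asked. The provider host name and the sample stream are constructed placeholders. The stream is only a hint written by the browser; it is missing when the file was copied from a non-NTFS volume or unblocked.

```python
import configparser
import sys
from urllib.parse import urlsplit

# Hosts you accept setups from. www.regify.com is named on this page; the
# provider host is a placeholder for the portal you signed on at.
TRUSTED_HOSTS = {"www.regify.com", "portal.provider.example"}

# Constructed sample of a Zone.Identifier stream as a browser writes it.
SAMPLE_MOTW = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://portal.provider.example/downloads/
HostUrl=https://portal.provider.example/regify_client_setup-4.1.2-2466_elevated.exe
"""


def read_motw(path):
    """Read the Zone.Identifier alternate data stream (Windows/NTFS only)."""
    with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
        return f.read()


def check_origin(motw_text, trusted_hosts=TRUSTED_HOSTS):
    """Return (ok, reason) for the download origin recorded in the stream."""
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    try:
        cp.read_string(motw_text)
        host_url = cp.get("ZoneTransfer", "HostUrl")
    except configparser.Error:
        # Malformed stream or no HostUrl entry: treat the origin as unknown.
        return False, "no HostUrl recorded; origin unknown"
    parts = urlsplit(host_url)
    if parts.scheme != "https":
        return False, f"not downloaded over https: {host_url}"
    if (parts.hostname or "").lower() not in trusted_hosts:
        return False, f"untrusted host: {parts.hostname}"
    return True, f"downloaded from {parts.hostname} over https"


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    text = read_motw(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_MOTW
    ok, reason = check_origin(text)
    print(("OK: " if ok else "DO NOT TRUST: ") + reason)
```

A passing result only says where the browser fetched the file from; it does not prove the file is unmodified.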

known false positives

AVG Antivirus (September 2015)
The false positive was on regibox-1.2.1-3025.exe. It has been reported to AVG. Status is pending.
To install the regibox manager, right-click the AVG icon in the system tray next to the clock. Click Temporarily disable AVG protection and select a few minutes to install the software. Now run the downloaded regify setup. Please re-activate protection directly after successful installation.

Trend Micro (September 2015)
The false positive was on regify_client_setup-4.1.2-2466_elevated.exe. It has been reported to Trend Micro. Status is pending.
To install, please deactivate the Trend Micro virus scanner for the duration of the installation (before running the setup). To deactivate, right-click the Trend Micro symbol in your ToolTray (bottom right of the Windows desktop) and uncheck the virus scanner. Now run the downloaded regify setup. Please re-activate protection directly after successful installation.

Kaspersky (February 2013)
The Kaspersky 2012 virus scanner reports a false positive for regify.dll and classifies the file as Trojan-PSW.Win32.Tepfer.gevv. The false positive was reported to Kaspersky on 25 February. The regify.dll is part of the regify client-sdk.

Trend Micro (November 2011)
The false positive was on regify_client_setup_elevated.exe and on a registry key. This is used by our MSI setup and happens directly on setup. The false positive has been reported to Trend Micro. Status is pending.
To install, please deactivate the Trend Micro virus scanner for the duration of the installation (before running the setup). To deactivate, right-click the Trend Micro symbol in your ToolTray (bottom right of the Windows desktop) and uncheck the virus scanner. Please re-activate it directly after successful installation.

Norton Internet Security (October 2011)
The false positive was on regify_client.exe. It was reported, acknowledged and confirmed by Symantec in September 2011 and seems gone now (17 October 2011).
The only way to install has been to explicitly allow and accept the file in your Norton software.

Avast (July 2011)
Sometimes Avast suggests installing in the Sandbox. Simply answer this question with No and choose to run normally.

other virusscanner issues

McAfee VirusScan (May 2012)

We learned that McAfee VirusScan blocks all port 25 communication by default. It allows only well-known software (Outlook) to use this port by default.
Here is the McAfee Knowledgebase article: KB50707
A quick validation is to temporarily disable the virus scanner for a short time to make your tests.

Symantec Endpoint Security (March 2013)

SEP uses some email proxy functionality that interferes especially with the SMTP sending features of regipay desktop and regibill desktop. We found several issues such as transmission problems, timeouts and occasional RSET commands in the data flow. To work around these issues, you need to turn off the Internet Email Auto-Protect feature.


If you are not able to deactivate this, you might go to Control Panel, Programs and Features (was Add/remove Programs), Symantec, Change and remove the POP3/SMTP Scanner feature.
