AV engines false positives on orbit.exe #5049
Comments
VirusTotal for Orbit 0.0.8 - https://www.virustotal.com/gui/file/afb906512b19853c485697a2d6f3a725a3ae9fba1a0fe9a7b4ea11dd54dea6c2/detection Surprisingly, this shows no detection from Kaspersky, but does show detections from a couple of other vendors.
It is detected on Kaspersky's own analysis page: https://opentip.kaspersky.com/AFB906512B19853C485697A2D6F3A725A3AE9FBA1A0FE9A7B4EA11DD54DEA6C2/
I submitted false positive reports to all of the offending vendors: Kaspersky, Cylance, MaxSecure, and Ikarus.
Kaspersky confirmed that it's a false positive and will be resolved on their end. I asked for a time estimate of how long this will take.
Kaspersky estimated it would be 2-3 hours for the update to take place. I've rechecked through their tool and it's now marked as "clean". I did not receive any confirmation from Cylance, but it is no longer generating a false positive on recheck from VirusTotal.
Ikarus confirmed the fix and it's no longer showing up on VirusTotal. We got two new ones: Tencent (
MaxSecure confirmed the fix and it's no longer showing up on VirusTotal. So the original set of detections is now resolved. Will need to make reports to Tencent and Rising.
Orbit version:
0.0.8
Operating system: Windows (version TBD).
Kaspersky was removing the
C:\Program Files\Orbit\bin\orbit\windows\stable\orbit.exe
executable from hosts, hence bringing them offline.
User report:
More info
Slack thread: https://osquery.slack.com/archives/C01DXJL16D8/p1649225363306839