AV engines false positives on orbit.exe #5049
Comments
lucasmrod
added
bug
|
VirusTotal for Orbit 0.0.8 - https://www.virustotal.com/gui/file/afb906512b19853c485697a2d6f3a725a3ae9fba1a0fe9a7b4ea11dd54dea6c2/detection Surprisingly, this shows no detection from Kaspersky, but does show detections from a couple of other vendors. |
|
It is detected on Kaspersky's own analysis page: https://opentip.kaspersky.com/AFB906512B19853C485697A2D6F3A725A3AE9FBA1A0FE9A7B4EA11DD54DEA6C2/ |
|
I submitted false positive reports to all of the offending vendors: Kaspersky, Cylance, MaxSecure, and Ikarus. |
|
Kaspersky confirmed that it's a false positive and will be resolved on their end. I asked for a time estimate of how long this will take. |
|
Kaspersky estimated it would be 2-3 hours for the update to take place. I've rechecked through their tool and it's now marked as "clean". I did not receive any confirmation from Cylance, but it is no longer generating a false positive on recheck from VirusTotal. |
zwass
changed the title
|
Ikarus confirmed the fix and it's no longer showing up on VirusTotal. We got two new ones: Tencent ( |
|
MaxSecure confirmed fix and it's no longer showing up on VirusTotal. So the original set of detections are now resolved. Will need to make reports to Tencent and Rising. |
|
Currently clean! I'm sure we'll find new issues in the future, but closing out this ticket for now.
|
Orbit version:
0.0.8Operating system: Windows (version TBD).
Kaspersky was removing the
C:\Program Files\Orbit\bin\orbit\windows\stable\orbit.exeexecutable from hosts hence bringing them offline.User report:
More info
Slack thread: https://osquery.slack.com/archives/C01DXJL16D8/p1649225363306839
The text was updated successfully, but these errors were encountered: