False Alarm Test September 2017
Appendix to the Anti-Virus Comparative September 2017
Release date | 2017-10-15 |
Revision date | 2017-10-12 |
Test Period | September 2017 |
Online with cloud connectivity | |
Update allowed | |
False Alarm Test included | |
Platform/OS | Microsoft Windows |
Introduction
This report is an appendix to the Malware Protection Test September 2017 listing details about the discovered False Alarms.
In AV testing, it is important to measure not only detection capabilities but also reliability. One aspect of reliability is the ability to recognize clean files as such, and not to produce false alarms (false positives). No product is immune from false positives (FPs), but some produce more than others. False Positives Tests measure which programs do best in this respect. There is no complete collection of all legitimate files that exist, and so no “ultimate” test of FPs can be done. What can be done, and is reasonable, is to create and use a set of clean files which is independently collected. If, when using such a set, one product has e.g. 30 FPs and another only 5, it is likely that the first product is more prone to FPs than the other. It doesn’t mean the product with 5 FPs doesn’t have more than 5 FPs globally, but it is the relative number that is important.
Tested Products
Test Procedure
In order to give more information to the user about the false alarms, we try to rate the prevalence of the false alarms. Files which were digitally signed are considered more important. Due to that, a file with the lowest prevalence level (Level 1) and a valid digital signature is upgraded to the next level (e.g. prevalence “level 2”). Files which according to several telemetry sources had zero prevalence have been provided to the vendors in order to fix them, but have also been removed from the set and were not counted as false alarms.
The prevalence is given in five categories and labeled with the following colors:
Level | Presumed number of affected users | Comments | |
---|---|---|---|
1 | Probably fewer than hundred users | Individual cases, old or rarely used files, very low prevalence | |
2 | Probably several hundreds of users | Initial distribution of such files was probably much higher, but current usage on actual systems is lower (despite its presence), that is why also well-known software may now affect / have only a prevalence of some hundreds or thousands of users. |
|
3 | Probably several thousands of users | ||
4 | Probably several tens of thousands (or more) of users | ||
5 | Probably several hundreds of thousands or millions of users | Such cases are likely to be seen much less frequently in a false alarm test done at a specific time, as such files are usually either whitelisted or would be noticed and fixed very fast. |
Most false alarms will probably fall into the first two levels most of the time. In our opinion, anti-virus products should not have false alarms on any sort of clean files regardless of how many users are currently affected by them. While some AV vendors may play down the risk of false alarms and play up the risk of malware, we are not going to rate products based on what the supposed prevalence of false alarms is. We already allow a certain number of false alarms (currently 10) inside our clean set before we start penalizing scores, and in our opinion products which produce a higher number of false alarms are also more likely to produce false alarms with more prevalent files (or in other sets of clean files). The prevalence data we give for clean files is just for informational purpose. The listed prevalence can differ inside the report, depending on which file/version the false alarm occurred, and/or how many files of the same kind were affected.
Testcases
All listed false alarms were encountered at the time of testing. False alarms caused by unencrypted data blocks in anti-virus related files were not counted. If a product had several false alarms belonging to the same application, it is counted here as only one false alarm. Cracks, keygens, or other highly questionable tools, including FPs distributed/shared primarily by vendors (which may be in the several thousands) or other non-independent sources are not counted here as false positives.
Test Results
There may be a variation in the number of false positives produced by two different programs that use the same engine (principal detection component). For example, Vendor A may license its detection engine to Vendor B, but Vendor A’s product may have more or fewer false positives than Vendor B’s product. This can be due to factors such as different internal settings being implemented, differences in other components and services such as additional or differing secondary engines/signatures/whitelist databases/cloud services/quality assurance, and possible time delay between the release of the original signatures and the availability of the signatures for third-party products.
False Positives (FPs) are an important measurement for AV quality. One FP report from a customer can result in large amount of engineering and support work to resolve the issue. Sometimes this can even lead to important data loss or system unavailability. Even “not significant” FPs (or FPs on older applications) deserve mention and attention because FPs are likely to be a result of principled rule detections. It just happened that the FP was on an insignificant file. The FP possibility is probably still in the product and could cause an FP again on a more significant file. Thus, they still deserve mention and still deserve to be penalised. Below you will find the false alarms we observed in our independent set of clean files. Red entries highlight false alarms on files that were digitally signed.
1. | ESET | 0 | no/very few FPs | |||
2. | McAfee | 2 | few FPs | |||
3. | eScan | 3 | ||||
4. | Adaware | 4 | ||||
5. | Bitdefender, BullGuard, VIPRE | 5 | ||||
6. | Emsisoft, Microsoft | 6 | ||||
7. | Seqrite | 8 | ||||
8. | Avast, AVG | 9 | ||||
9. | Kaspersky | 10 | ||||
10. | Avira | 12 | many FPs | |||
11. | CrowdStrike | 16 | ||||
12. | Tencent | 20 | ||||
13. | F-Secure | 22 | ||||
14. | Fortinet | 26 | ||||
15. | Panda | 42 | ||||
16. | Trend Micro | 80 | very many FPs | |||
17. | Symantec | 274 | remarkably many FPs |
Details about the discovered false alarms
ESET had zero false alarms on the used set of clean files.
McAfee | 2 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
ConMana package | Artemis!15BECDDD6D7B | |
TalkSender package | GenericRXAV-IV!87E29BAC562F |
eScan | 3 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
FurnPlan package | Gen:Heur.MSIL.Bladabindi.1 (DB) | |
HurtWorld package | Gen:Variant.MSILPerseus.117628 (DB) | |
SucheTotal package | Gen:Variant.Razy.218986 (DB) |
Adaware | 4 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
Apfelmann package | Trojan.Generic.20825558 | |
FurnPlan package | Gen:Heur.MSIL.Bladabindi.1 | |
HurtWorld package | Gen:Variant.MSILPerseus.117628 | |
SucheTotal package | Gen:Variant.Razy.218986 |
Bitdefender | 5 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
AirFlow package | Zum.Androm.1 | |
Apfelmann package | Trojan.Generic.20825558 | |
FurnPlan package | Gen:Heur.MSIL.Bladabindi.1 | |
HurtWorld package | Gen:Variant.MSILPerseus.117628 | |
SucheTotal package | Gen:Variant.Razy.218986 |
BullGuard | 5 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
AirFlow package | Zum.Androm.1 | |
Apfelmann package | Trojan.Generic.20825558 | |
FurnPlan package | Gen:Heur.MSIL.Bladabindi.1 | |
HurtWorld package | Gen:Variant.MSILPerseus.117628 | |
SucheTotal package | Gen:Variant.Razy.218986 |
VIPRE | 5 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
AirFlow package | Zum.Androm.1 | |
Apfelmann package | Trojan.Generic.20825558 | |
FurnPlan package | Gen:Heur.MSIL.Bladabindi.1 | |
HurtWorld package | Gen:Variant.MSILPerseus.117628 | |
SucheTotal package | Gen:Variant.Razy.218986 |
Emsisoft | 6 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
AirFlow package | Zum.Androm.1 | |
Apfelmann package | Trojan.Generic.20825558 | |
FurnPlan package | Gen:Heur.MSIL.Bladabindi.1 | |
HurtWorld package | Gen:Variant.MSILPerseus.117628 | |
OrangeGem package | Trojan.Sinowal.Gen.1 | |
SucheTotal package | Gen:Variant.Razy.218986 |
Microsoft | 6 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
AnimationSuite package | Exploit:HTML/CodeBaseExec | |
Cypics package | Trojan:Win32/Fuery.B!cl | |
eRightSoft package | Trojan:Win32/Dynamer!ac | |
HackerSecurity package | Trojan:Win32/Fuery.B!cl | |
Silverke package | Trojan:Win32/Fuery.B!cl | |
TouchAble package | Trojan:Win32/Fuery.A!cl |
Seqrite | 8 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
Apfelmann package | EE:Malware.Generic.20825558 | |
Cubes package | Trojan.IGENERIC | |
FurnPlan package | EE:Heur.MSIL.Bladabindi.1 | |
HurtWorld package | EE:Malwr.Heur.MSILPerseus.117628 | |
Imation package | TrojanPWS.Crypt | |
MyPCBackup package | Trojan.IGENERIC | |
SIW package | Trojan.IGENERIC | |
SucheTotal package | EE:Malwr.Heur.Razy.218986 |
Avast | 9 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
AcpCtrl package | Win32:Malware-gen | |
AtomConverter package | Win32:Evo-gen | |
AutoPlay package | Win32:Evo-gen | |
CS package | Win32:Evo-gen | |
DNSQuery package | FileRepMalware | |
Prey package | FileRepMalware | |
SurfBlocker package | Win32:Evo-gen | |
TwinkiePaste package | Win32:Dh-A | |
ZHPCleaner package | FileRepMalware |
AVG | 9 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
AcpCtrl package | Win32:Malware-gen | |
AtomConverter package | Win32:Evo-gen | |
AutoPlay package | Win32:Evo-gen | |
CS package | Win32:Evo-gen | |
DNSQuery package | FileRepMalware | |
Prey package | FileRepMalware | |
SurfBlocker package | Win32:Evo-gen | |
TwinkiePaste package | Win32:Dh-A | |
ZHPCleaner package | FileRepMalware |
Kaspersky Lab | 10 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
Acrobat package | DangerousObject.Multi.Generic | |
Deskline package | Trojan.Win32.TDSS.rfeb | |
DreiKampf package | DangerousObject.Multi.Generic | |
eBayWatcher package | DangerousObject.Multi.Generic | |
Elba package | DangerousObject.Multi.Generic | |
Ferrari package | DangerousObject.Multi.Generic | |
Norman package | Trojan-Spy.MSIL.KeyLogger.sb | |
Saver package | Trojan.Win32.Scar.pshu | |
SpyBlocker package | Trojan-Dropper.Win32.Dinwod.gen | |
TransXP package | DangerousObject.Multi.Generic |
AVIRA | 12 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
ActivePresenter package | HEUR/APC | |
Anno package | HEUR/APC | |
DeadBolt package | HEUR/APC | |
DebutVideo package | HEUR/APC | |
HurtWorld package | HEUR/APC | |
Inside package | HEUR/APC | |
QB package | HEUR/APC | |
ThuBattery package | HEUR/APC | |
VisualStudio package | HEUR/APC | |
WGet package | HEUR/APC | |
YouDown package | TR/Crypt.XPACK.Gen7 | |
Zimmermann package | TR/Crypt.XPACK.Gen |
Crowdstrike | 16 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
Adressen package | High Severity Activity Prevented | |
Civilization package | High Severity Activity Prevented | |
Comeleo package | Medium Severity Activity Prevented | |
Doris package | Medium Severity Activity Prevented | |
FineReader package | High Severity Activity Prevented | |
FotoFit package | Low Severity Activity Prevented | |
GT4T package | Medium Severity Activity Prevented | |
HP package | Medium Severity Activity Prevented | |
MusicMaker package | Low Severity Activity Prevented | |
Passwort package | Medium Severity Activity Prevented | |
Siedler package | Medium Severity Activity Prevented | |
Tennis package | High Severity Activity Prevented | |
Tierpension package | Low Severity Activity Prevented | |
VisualStudio package | Low Severity Activity Prevented | |
WX package | Medium Severity Activity Prevented | |
ZipPack package | Medium Severity Activity Prevented |
Tencent | 20 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
Acer package | Malicious file | |
Apfelmann package | Trojan.Generic.20825558 | |
Cleaner package | Malicious file | |
Deskline package | Malicious file | |
eBayWatcher package | Malicious file | |
FurnPlan package | Gen:Heur.MSIL.Bladabindi.1 | |
HotCorners package | Malicious file | |
HurtWorld package | Malicious file | |
IE package | Malicious file | |
Iron package | Malicious file | |
Kloetzchen package | Malicious file | |
Menue package | Malicious file | |
ORF package | Malicious file | |
Rapid package | Malicious file | |
Repair package | Malicious file | |
SpyBlocker package | Malicious file | |
SucheTotal package | Gen:Variant.Razy.218986 | |
Tierpension package | Malicious file | |
VisualStudio package | Malicious file | |
WormCleaner package | Malicious file |
F-Secure | 22 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
Apfelmann package | Trojan.Generic.20825558 | |
Avid package | Trojan:W32/Generic.472343a2a9!Online | |
Billeo package | Trojan-dropper:W32/Coinminer.05e461fc33!Online | |
CheMax package | Trojan.GenericKD.4918272 | |
Cleaner package | Trojan:W32/Gen1527.664414a2b6!Online | |
DrGrips package | Trojan:W32/Generic.a05128a703!Online | |
Feratel package | Trojan:W32/Generic.0c8969b4cf!Online | |
FurnPlan package | Gen:Heur.MSIL.Bladabindi.1 | |
Herold package | Trojan:W32/Generic.700133a4e8!Online | |
HurtWorld package | Gen:Variant.MSILPerseus.117628 | |
IncredibleHulk package | Trojan:W32/Generic.b5ab5a2d8f!Online | |
MakeInstantPlayer package | Trojan:W32/BitCoinMiner.J | |
ND package | Trojan:W32/Generic.b61f95dc11!Online | |
ORF package | Trojan:W32/Gen1527.36cc645ee3!Online | |
PanoStudio package | Trojan:W32/Generic.9883449c12!Online | |
PDFmerger package | Trojan:W32/Generic.9d72d7882a!Online | |
Rapid package | Trojan:W32/Generic.3a363c348a!Online | |
Repair package | Trojan:W32/Generic.4d7c9d6f6c!Online | |
SafeNSec package | Trojan:W32/Generic.aa077bd836!Online | |
SucheTotal package | Gen:Variant.Razy.218986 | |
WinHotel package | Trojan:W32/Generic.0c8969b4cf!Online | |
XMLconverter package | Trojan:W32/Generic.86bc19aefc!Online |
Fortinet | 26 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
Acer package | W32/Generic.AC.12270!tr | |
Chrome package | W32/Kryptik.FCRG!tr | |
Clock package | W32/Generic.AC.371739!tr | |
ConCentre package | W32/Generic.AP.19EE7BF!tr | |
CounterStrike package | W32/Generic.AC.3766AE!tr | |
DLLkiller package | W32/Generic.AC.3AAE8F!tr | |
DVDVideo package | PossibleThreat | |
Flacon package | W32/Generic.AC.3AAE8F!tr | |
FunDisc package | Malicious_Behavior.SB | |
FunnyBubbles package | W32/Generic.AC.371739!tr | |
GeoSet package | W32/Injector.CVSJ!tr | |
HotCorners package | W32/Generic.AC.1B80!tr | |
Iron package | W32/Kryptik.FCRG!tr | |
Kuranin package | PossibleThreat | |
Lexmark package | W32/Kryptik.FSFD!tr | |
Menue package | W32/Generic.AC.106B8B!tr | |
Moorhuhn package | W32/Generic.AC.12A46A!tr | |
NSW package | W32/Generic.AC.38E8!tr | |
PDFmachine package | W32/Generic.AC.3AAE8F!tr | |
PowerBatch package | W32/Locky.L!tr | |
Smad package | W32/Generic.AP.6B9831C!tr | |
SPX package | W32/Kryptik.EWDD!tr | |
Toshiba package | W32/Kryptik.FNFF!tr | |
Transfer package | W32/TrojanDldr.SEVE!tr | |
Triton package | W32/Generic.AC.2CC38C!tr | |
XPI package | W32/Generic.AC.3F354C!tr |
Panda | 42 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
ActivePresenter package | Trojan | |
Adressen package | Trojan | |
AmericanConquest package | Trojan | |
Apfelmann package | Trojan | |
Asynch package | Trojan | |
AtomConverter package | Trojan | |
Comeleo package | Trojan | |
DeadBolt package | Trojan | |
Deskline package | Trojan | |
Doris package | Trojan | |
DreiKampf package | Trojan | |
DrGrips package | Trojan | |
FotoFit package | Trojan | |
FurnPlan package | Trojan | |
GT4T package | Trojan | |
Herold package | Trojan | |
HurtWorld package | Trojan | |
Inside package | Trojan | |
Kuranin package | Trojan | |
Menue package | Trojan | |
MyPCBackup package | Trojan | |
Norman package | Trojan | |
Passwort package | Trojan | |
PowerBatch package | Trojan | |
Puzzle package | Trojan | |
SafeNSec package | Trojan | |
SAM package | Trojan | |
Saver package | Trojan | |
SmartFix package | Trojan | |
SpyBlocker package | Trojan | |
SucheTotal package | Trojan | |
SurfBlocker package | Trojan | |
Tennis package | Trojan | |
Tiscali package | Trojan | |
Transfer package | Trojan | |
VisualStudio package | Trojan | |
Vuex package | Trojan | |
WGet package | Trojan | |
WinHotel package | Trojan | |
WX package | Trojan | |
YouDown package | Trojan | |
ZHP package | Trojan |
Trend Micro | 80 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
ActivePresenter package | Suspicious File | |
Adressen package | Suspicious File | |
AirFlow package | Suspicious File | |
AnimationSuite package | Suspicious File | |
Anonym package | Suspicious File | |
Apfelmann package | Suspicious File | |
AutoPlay package | Suspicious File | |
Billeo package | Suspicious File | |
Browster package | Suspicious File | |
CDWriter package | TROJ_VAPSUP.UI | |
Comeleo package | Suspicious File | |
ConCentre package | Suspicious File | |
CPUcool package | Suspicious File | |
Cubes package | Suspicious File | |
Cypics package | Suspicious File | |
DB2EXE package | Suspicious File | |
DeadBolt package | Suspicious File | |
DebutVideo package | Suspicious File | |
Doris package | Suspicious File | |
DreiKampf package | Suspicious File | |
eBayWatcher package | Suspicious File | |
eRightSoft package | Suspicious File | |
ESET package | Suspicious File | |
Firefox package | Suspicious File | |
FunnyBubbles package | Suspicious File | |
FurnPlan package | Suspicious File | |
GameAccelerator package | Suspicious File | |
GeoSet package | Suspicious File | |
GMER package | Suspicious File | |
GoogleUpdater package | Suspicious File | |
GT4T package | Suspicious File | |
HackerSecurity package | Suspicious File | |
Herold package | Suspicious File | |
HurtWorld package | Suspicious File | |
IceAge package | Suspicious File | |
IE package | Suspicious File | |
Inside package | Suspicious File | |
Joshua package | Suspicious File | |
Klepto package | Suspicious File | |
Kloetzchen package | Suspicious File | |
Kuranin package | Suspicious File | |
LG package | Suspicious File | |
McAfee package | Suspicious File | |
Menue package | Suspicious File | |
NCH package | Suspicious File | |
NetTools package | Suspicious File | |
NewWorldOrder package | Suspicious File | |
Norman package | Suspicious File | |
OrangeGem package | Suspicious File | |
ORF package | Suspicious File | |
Passwort package | Suspicious File | |
PDFmachine package | Suspicious File | |
PowerBatch package | Suspicious File | |
Puzzle package | Suspicious File | |
Rapid package | Suspicious File | |
RegCool package | Suspicious File | |
SafeNSec package | Suspicious File | |
Siedler package | Suspicious File | |
Silverke package | Suspicious File | |
SmartFix package | Suspicious File | |
SPX package | Suspicious File | |
SpyBlocker package | Suspicious File | |
SucheTotal package | Suspicious File | |
SurfBlocker package | Suspicious File | |
Tennis package | Suspicious File | |
Tiscali package | Suspicious File | |
Toshiba package | Suspicious File | |
TouchAble package | Suspicious File | |
Transfer package | Suspicious File | |
TweakPower package | Suspicious File | |
TwinkiePaste package | Suspicious File | |
UltraDVD package | Suspicious File | |
VirtualForensic package | Suspicious File | |
VisualStudio package | Suspicious File | |
WGet package | Suspicious File | |
WinAMP package | Suspicious File | |
WinHotel package | Suspicious File | |
WX package | Suspicious File | |
ZHP package | Suspicious File | |
Zimmermann package | Suspicious File |
Symantec | 274 False Alarm | |
False alarm found in some parts of | Detected as | Supposed prevalence |
AceBackup package | Suspicious.Epi.3 | |
Adobe package | Trojan.Gen.8!cloud | |
AmazingStudio package | Suspicious.Epi.3 | |
AmericanConquest package | Suspicious.Epi.3 | |
Anlagenverbinder package | Trojan.Gen.8!cloud | |
AnyMusic package | Suspicious.Epi.3 | |
Aplus package | Heur.AdvML.C | |
AppFuscator package | Heur.AdvML.B | |
Areca package | Suspicious.Epi.3 | |
Ashampoo package | Suspicious.Epi.3 | |
Atomaders package | Heur.AdvML.C | |
AutoHotKey package | Suspicious.Epi.3 | |
AverTV package | Suspicious.Epi.3 | |
Avira package | Suspicious.Epi.3 | |
Babylon package | Suspicious.Epi.3 | |
BartPE package | Trojan.Gen.8!cloud | |
BayWatcher package | Heur.AdvML.C | |
BeamYourScreen package | Suspicious.Epi.3 | |
BietOMatic package | Suspicious.Epi.3 | |
Bitdefender package | Suspicious.Epi.3 | |
Bmark package | Suspicious.Epi.3 | |
BmkBuddy package | Trojan.Gen.2 | |
BonkEnc package | Suspicious.Epi.3 | |
BoxedApp package | Suspicious.Epi.3 | |
Boxod package | Heur.AdvML.C | |
Brother package | Suspicious.Epi.3 | |
Browster package | Suspicious.Epi.3 | |
Busch package | Suspicious.Epi.3 | |
Canon package | Suspicious.Epi.3 | |
CarPack package | Suspicious.Epi.3 | |
CCleaner package | Suspicious.Epi.3 | |
ChipInfo package | Heur.AdvML.C | |
ChopperAlley package | Heur.AdvML.C | |
CivilWar package | Heur.AdvML.A | |
Clam package | Suspicious.Epi.3 | |
Clikster package | Suspicious.Epi.3 | |
ClockGen package | Suspicious.Epi.3 | |
CloneSpy package | Suspicious.Epi.3 | |
CMD package | Trojan.Gen.8!cloud | |
Comodo package | Suspicious.Epi.3 | |
CPUcool package | Trojan.Gen.8!cloud | |
Creative package | Suspicious.Epi.3 | |
CutLogic package | Suspicious.Epi.3 | |
Daphne package | Suspicious.Epi.3 | |
Databecker package | Trojan.Gen.8!cloud | |
DateCalc package | Trojan Horse | |
DB2EXE package | Trojan.ADH.2 | |
Defrag package | Trojan.Gen.8!cloud | |
Degeneration package | Suspicious.Epi.3 | |
Diafaan package | Suspicious.Epi.3 | |
DigiBook package | Suspicious.Epi.3 | |
DrDivx package | Trojan.Gen.8!cloud | |
Dropbox package | Trojan.Gen.X | |
EasiestSoft package | Suspicious.Epi.3 | |
EFcommander package | Suspicious.Epi.3 | |
ESET package | Suspicious.Epi.3 | |
Ewido package | Suspicious.Epi.3 | |
FFmpeg package | Suspicious.Epi.3 | |
FileDateCorrector package | Suspicious.Epi.3 | |
FileQuest package | Heur.AdvML.C | |
FilmMachine package | Heur.AdvML.C | |
FindYourMac package | Suspicious.Epi.3 | |
FineReader package | Heur.AdvML.A | |
Firefox package | Suspicious.Epi.3 | |
FireTune package | Heur.AdvML.C | |
FlowCharter package | Suspicious.Epi.3 | |
FolderShield package | Heur.AdvML.C | |
Fontlister package | Trojan.Gen.8!cloud | |
Fotograf package | Heur.AdvML.B | |
FoxitReader package | Suspicious.Epi.3 | |
Fractalizer package | Suspicious.Epi.3 | |
FreeFaktura package | Suspicious.Epi.3 | |
FreshDow package | Suspicious.Epi.3 | |
FreshUI package | Suspicious.Epi.3 | |
Frisk package | Suspicious.Epi.3 | |
FunnyBubbles package | Suspicious.Epi.3 | |
GameXP package | Heur.AdvML.C | |
Genius package | Suspicious.Epi.3 | |
Gesundheit package | Suspicious.Epi.3 | |
Glarysoft package | Suspicious.Epi.3 | |
Glew package | Suspicious.Epi.3 | |
Gmail package | Heur.AdvML.C | |
GMER package | Trojan.Gen.8!cloud | |
Google package | Suspicious.Epi.3 | |
GPG package | Suspicious.Epi.3 | |
GranParadiso package | Suspicious.Epi.3 | |
GreTech package | Suspicious.Epi.3 | |
GroundControl package | Heur.AdvML.C | |
Gsplit package | Suspicious.Epi.3 | |
GT4T package | Heur.AdvML.C | |
Guardian package | Suspicious.Epi.3 | |
HanoiTower package | Heur.AdvML.C | |
HDCleaner package | Suspicious.Epi.3 | |
Heineken package | Heur.AdvML.A | |
Heliotherm package | Suspicious.Epi.3 | |
Helium package | Suspicious.Epi.3 | |
Hexen package | Suspicious.Epi.3 | |
HideAllIP package | Heur.AdvML.C | |
HiJackThis package | Heur.AdvML.C | |
HomeGuard package | Heur.AdvML.C | |
HomyFads package | Suspicious.Epi.3 | |
HotelScout package | Suspicious.Epi.3 | |
HP package | Suspicious.Epi.3 | |
Httpd package | Suspicious.Epi.3 | |
Huawei package | Suspicious.Epi.3 | |
HydraVision package | Suspicious.Epi.3 | |
HydroMagic package | Suspicious.Epi.3 | |
HyperCam package | Suspicious.Epi.3 | |
iCloud package | Heur.AdvML.B | |
IconXtractor package | Trojan.Gen.8!cloud | |
IcyTower package | Trojan.Gen.8!cloud | |
IE package | Suspicious.Epi.3 | |
Ikaros package | Suspicious.Epi.3 | |
InfiniteTerrain package | Suspicious.Epi.3 | |
InterVideo package | Suspicious.Epi.3 | |
Iomega package | Suspicious.Epi.3 | |
IOMeter package | Suspicious.Epi.3 | |
JetBrains package | Heur.AdvML.C | |
Jigsaw package | Heur.AdvML.B | |
Joshua package | Heur.AdvML.B | |
Kaspersky package | Trojan.Tooso!gen | |
Kazaa package | Trojan.Gen.8!cloud | |
Kensington package | Suspicious.Epi.3 | |
Keystrokes package | Heur.AdvML.B | |
Klepto package | Trojan.Gen.8!cloud | |
KLSbackup package | Heur.AdvML.A | |
Kmeleon package | Suspicious.Epi.3 | |
Konvert package | Suspicious.Epi.3 | |
L2LC package | Heur.AdvML.B | |
Latex package | Suspicious.Epi.3 | |
Lazarus package | Suspicious.Epi.3 | |
Leadtek package | Heur.AdvML.C | |
LG package | Suspicious.Epi.3 | |
Linkstash package | Suspicious.Epi.3 | |
Listary package | Suspicious.Epi.3 | |
LiteStep package | Suspicious.Epi.3 | |
Longtion package | Suspicious.Epi.3 | |
MailBag package | Heur.AdvML.C | |
Maptiler package | Suspicious.Epi.3 | |
MediaInfo package | Suspicious.Epi.3 | |
Medion package | Suspicious.Epi.3 | |
Miui package | Trojan.Gen.8!cloud | |
MKV package | Trojan.Gen.2 | |
MM3 package | Suspicious.Epi.3 | |
Mobility package | Suspicious.Epi.3 | |
MovieClone package | Suspicious.Epi.3 | |
MP3Database package | Suspicious.Epi.3 | |
MP3Tag package | Suspicious.Epi.3 | |
MSI package | Suspicious.Epi.3 | |
MyPC package | Heur.AdvML.C | |
NCH package | Trojan.Gen.8!cloud | |
Nero package | Suspicious.Epi.3 | |
NewWorldOrder package | Heur.AdvML.C | |
NFOreader package | Suspicious.Epi.3 | |
Nvidia package | Suspicious.Epi.3 | |
OnlineEye package | Suspicious.Epi.3 | |
OpenOffice package | Suspicious.Epi.3 | |
Opera package | Trojan.Gen.8!cloud | |
ORF package | Downloader | |
OutlookAttachView package | Suspicious.Epi.3 | |
Outpost package | Suspicious.Epi.3 | |
PaintShop package | Suspicious.Epi.3 | |
Pamela package | Suspicious.Epi.3 | |
Pango package | Suspicious.Epi.3 | |
PasswordCrypter package | Suspicious.Epi.3 | |
PCzeit package | Suspicious.Epi.3 | |
PDFexplorer package | Suspicious.Epi.3 | |
PDFsplit package | Heur.AdvML.C | |
PEBL package | Heur.AdvML.C | |
Phong package | Suspicious.Epi.3 | |
PhotoResizer package | Suspicious.Epi.3 | |
PowerDirector package | Suspicious.Epi.3 | |
PowerfulZip package | Suspicious.Epi.3 | |
PowerStrip package | Suspicious.Epi.3 | |
PowerVR package | Suspicious.Epi.3 | |
Privoxy package | Heur.AdvML.C | |
Profan package | Suspicious.Epi.3 | |
ProfExam package | Heur.AdvML.C | |
ProxyCrypt package | Heur.AdvML.C | |
PureVPN package | Suspicious.Epi.3 | |
Qemu package | Suspicious.Epi.3 | |
QuoteFix package | Suspicious.Epi.3 | |
Radiosoft package | Suspicious.Epi.3 | |
Rainlendar package | Suspicious.Epi.3 | |
Realtek package | Suspicious.Epi.3 | |
Recompress package | Suspicious.Epi.3 | |
RegCool package | Trojan.Gen.8!cloud | |
RegistryCleanExpert package | Trojan.Gen.2 | |
RegistryFirstAid package | Suspicious.Epi.3 | |
RemoteCommand package | Heur.AdvML.C | |
ReplaceStudio package | Heur.AdvML.C | |
RestoreNatur package | Trojan.Gen.2 | |
Roboform package | Suspicious.Epi.3 | |
Robot package | Heur.AdvML.C | |
Route66 package | Suspicious.Epi.3 | |
RunWithParameters package | Suspicious.Epi.3 | |
SafetyBrowser package | Trojan.Gen.8!cloud | |
SafeXP package | Suspicious.Epi.3 | |
Sandboxie package | Suspicious.Epi.3 | |
Sateirac package | Suspicious.Epi.3 | |
ScreenGIF package | Heur.AdvML.C | |
Search package | Heur.AdvML.B | |
Server2Go package | Heur.AdvML.C | |
SimplyZIP package | Suspicious.Epi.3 | |
Skater package | Suspicious.Epi.3 | |
SkiRacing package | Trojan.Gen.8!cloud | |
SlimJet package | Suspicious.Epi.3 | |
SmartFix package | Heur.AdvML.A | |
SoftCoronas package | Suspicious.Epi.3 | |
SpeedTest package | Suspicious.Epi.3 | |
SPSS package | Suspicious.Epi.3 | |
SpyBlock package | Heur.AdvML.C | |
StarCraft package | Heur.AdvML.A | |
StarDict package | Suspicious.Epi.3 | |
StartDelay package | Heur.AdvML.B | |
StationRipper package | Suspicious.Epi.3 | |
StealthNet package | Suspicious.Epi.3 | |
StormCloud package | Suspicious.Epi.3 | |
SurfBlocker package | Heur.AdvML.B | |
Sylpheed package | Suspicious.Epi.3 | |
Tablacus package | Suspicious.Epi.3 | |
TagRunner package | Suspicious.Epi.3 | |
TaskCouch package | Suspicious.Epi.3 | |
Tauscan package | Suspicious.Epi.3 | |
TelefonCD package | Heur.AdvML.C | |
Tennis package | Heur.AdvML.B | |
TimeGuardian package | Suspicious.Epi.3 | |
TinySoft package | Suspicious.Epi.3 | |
Tiscali package | Backdoor.Trojan | |
TLKgames package | Suspicious.Epi.3 | |
TnyHex package | Suspicious.Epi.3 | |
Toppler package | Suspicious.Epi.3 | |
TotalCommander package | Suspicious.Epi.3 | |
TuneBite package | Suspicious.Epi.3 | |
TweakPower package | Trojan.Gen.8!cloud | |
TwinkiePaste package | Suspicious.Epi.3 | |
Ulead package | Suspicious.Epi.3 | |
UltraFileSearch package | Suspicious.Epi.3 | |
Vanderlee package | Trojan.Gen.8!cloud | |
Viena package | Suspicious.Epi.3 | |
Vimato package | Suspicious.Epi.3 | |
VirtualDub package | Suspicious.Epi.3 | |
VisualBasic package | Suspicious.Epi.3 | |
VisualFileSplitter package | Suspicious.Epi.3 | |
VoiceMasters package | Heur.AdvML.C | |
Volumouse package | Suspicious.Epi.3 | |
VstPlugins package | Suspicious.Epi.3 | |
Webplugin package | Suspicious.Epi.3 | |
WgaOga package | Heur.AdvML.C | |
WheelKeys package | Heur.AdvML.C | |
WiFiManager package | Heur.AdvML.A | |
WinACE package | Trojan.Gen.2 | |
WinAMP package | Suspicious.Epi.3 | |
Wings package | Suspicious.Epi.3 | |
WinHelp package | Heur.AdvML.C | |
WinnerTw package | Heur.AdvML.C | |
WinPower package | Suspicious.Epi.3 | |
WinRar package | Suspicious.Epi.3 | |
WinServices package | Suspicious.Epi.3 | |
WinZIP package | Suspicious.Epi.3 | |
Wits package | Heur.AdvML.C | |
WWFDesktop package | Trojan.ADH | |
XFlash package | Suspicious.Epi.3 | |
Xlinksoft package | Heur.AdvML.C | |
XPY package | Suspicious.Epi.3 | |
XYplorer package | Suspicious.Epi.3 | |
Yamicsoft package | Suspicious.Epi.3 | |
YAW package | Trojan.Gen.8!cloud | |
Zattoo package | Trojan.Gen.8!cloud | |
ZHP package | SAPE.Heur.A60A1 | |
Zimmermann package | Suspicious.Epi.3 | |
Zoner package | Trojan.Dropper | |
Zortam package | Suspicious.Epi.3 | |
Zylom package | Suspicious.Epi.3 |
Copyright and Disclaimer
This publication is Copyright © 2017 by AV-Comparatives ®. Any use of the results, etc. in whole or in part, is ONLY permitted after the explicit written agreement of the management board of AV-Comparatives prior to any publication. AV-Comparatives and its testers cannot be held liable for any damage or loss, which might occur as result of, or in connection with, the use of the information provided in this paper. We take every possible care to ensure the correctness of the basic data, but a liability for the correctness of the test results cannot be taken by any representative of AV-Comparatives. We do not give any guarantee of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time. No one else involved in creating, producing or delivering test results shall be liable for any indirect, special or consequential damage, or loss of profits, arising out of, or related to, the use or inability to use, the services provided by the website, test documents or any related data.
For more information about AV-Comparatives and the testing methodologies, please visit our website.
AV-Comparatives
(October 2017)