false positive Naver Whale
My name is jee soo Lee in NAVER corporation, South Korea.
I'm writing this report for asking you modifying the error, that lavasoft vaccine program recognize our program 'whale' as a malicious code.
'Whale' is the PC based new web browser we have the plan for releasing ( http://whale.naver.com/en/ )
(related article : http://www.businesskorea.co.kr/english/news/ict/16685-challenge-ie-chrome-naver-releases-internet-browser-whale-tapping-web-browser-market)
during testing compatibility between your vaccine program and our browser, we have found that your vaccine program recognizes our program as a malicious code, therefore restrict installation.
many users complained about this problem
specific situation is like these
1. sometimes, your vaccine program recognize 'whale.exe' as a malicious code
2. sometimes, your vaccine program recognize 'IETabDriver.exe' as a malicious code
this is the corresponding link for the report
https://drive.google...b3M?usp=sharing
i also attach our file below (password : infected)
could you mind correcting these errors? and uploading our program whitelist of your program?
i appreciate your help and i look forward to your reply.
Thank you.
-
Hi jee soo lee,
Thanks for your report. To confirm, the files we checked are:
File: IETabDriver.exe
MD5: c103a08d9f2f9e2d18eedab0e376b481
File: whale.exe
MD5: 9969650dab84c15ab0d8a69b7a827e9fThese two files are not currently detected.
Regards,
Andy
Lavasoft Malware Lab
0 -
Yes, I can see the detection in the screenshot/xml file, but I can't recreate it with the files you uploaded. Maybe we're looking at different files.
Can you check the md5's of the detected files you're testing with and compare them with the files below? Are they the same, or different?
File: IETabDriver.exe
MD5: c103a08d9f2f9e2d18eedab0e376b481
File: whale.exe
MD5: 9969650dab84c15ab0d8a69b7a827e9fThanks,
Andy
0 -
thank you for your answer
after your reply, i've checked this again,
but still be detected
i attached the link of the screenshot
https://drive.google.com/open?id=0B4IUsxrv-kNsQzZTUnBQNGdGb3M
could you mind checking this problem again?
regards.
jee soo lee
Naver corporation
0 -
we have compared MD5 of those two files with ours, and they are the same.
but could you mind checking the error again using the file i attached(named : whale_install.zip)? this file is the combined file with those two file (usually, users use this file so, i think using this is more accurate)
and which window's version did you test in ? we have tested on the window 7(64bit), so i ask you to test on win 7(64bit).
and please check your UAC setting (the screen shot of our UAC setting is attached, please refer to this)
this is link of the file and screen shot,
https://drive.google.com/open?id=0B4IUsxrv-kNsQzZTUnBQNGdGb3M
i really appreciate your help.
sincerely
jee soo lee
Naver corporaion.
0 -
Using the installer, I was able to recreate the detection on IETabDriver.exe. The md5 for that file was different from the original one that we tested with (md5: 0f0ec27159eda4c9bad814d28bda0e59).
This is an FP and will be removed from detection.
I wasn't able to recreate the detection on whale.exe. The md5 of the file installed using the installer is d574b68650c68f8941dbc16f86d56a2f, which is also different from the file we originally tested.
Can you upload the version of whale.exe that is being detected please?
Andy
0 -
thank you for your helping,
we also have checked two files and there is problem of 'ietabdriver.exe' only, so it might not need to check about 'whale. exe' again
i really appreciate your help and if there is any other problems about this, i'll contact again
thank you
sincerely
jee soo lee
Naver corporation.
0
Please sign in to leave a comment.
Comments
6 comments