Antivirus false positive

Any issues related to FORScan application
twgoff
Posts: 7
Joined: Sun Dec 01, 2019 11:59 pm
Vehicle: Sport Trac, gas 4.6l, 2008

Re: Antivirus false positive

Post by twgoff »

I am getting a malware error when trying to install the latest version 2.3.37.
User avatar
fordsmax471
Posts: 1062
Joined: Mon Aug 07, 2017 5:29 pm
Vehicle: Ford S-Max 2.0 TDCi 2017 PowerShift

Re: Antivirus false positive

Post by fordsmax471 »

Whenever we make a new upgrade and create a new build to distribute to our users, Windows may temporarily block the installation because the file is new and Windows doesn’t have enough information to guarantee its safety. It can take a few weeks for Windows to remove this warning. Luckily, you can accept the downloaded file
1.png
1.png (111.9 KiB) Viewed 4755 times
twgoff
Posts: 7
Joined: Sun Dec 01, 2019 11:59 pm
Vehicle: Sport Trac, gas 4.6l, 2008

Re: Antivirus false positive

Post by twgoff »

I was able to exclude Forscan from my virus scan and it now works.
FORScan
Site Admin
Posts: 2800
Joined: Fri Jun 13, 2014 2:21 am

Re: Antivirus false positive

Post by FORScan »

We tested 2.3.37 on virustotal.com before the delivery, it didn't show any detections with Microsoft. It started to show it only on December, 1st. So either the site (virustotal.com) has problems with antivirus update, or Microsoft identified 2.3.37 as a threat AFTER the release.

Anyway, we have submitted the report to Microsoft, hope they will remove it from Defeinder soon.

Update: got word back from Microsoft that they have removed the false threat for 2.3.37:
Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Thank you for contacting Microsoft.
smartguy69
Posts: 213
Joined: Mon Sep 21, 2020 8:27 pm
Vehicle: Kuga Titanium,2 litre diesel, 150PS, 2015

Re: Antivirus false positive

Post by smartguy69 »

FORScan wrote:
Wed Dec 02, 2020 3:31 am
We tested 2.3.37 on virustotal.com before the delivery, it didn't show any detections with Microsoft. It started to show it only on December, 1st. So either the site (virustotal.com) has problems with antivirus update, or Microsoft identified 2.3.37 as a threat AFTER the release.

Anyway, we have submitted the report to Microsoft, hope they will remove it from Defeinder soon.

Update: got word back from Microsoft that they have removed the false threat for 2.3.37:
Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Thank you for contacting Microsoft.
I just bought a new laptop and installed version 2.3.38. Intercepted by Microsoft using windows defender on Sunday 24th January 2021.
smartguy69
Posts: 213
Joined: Mon Sep 21, 2020 8:27 pm
Vehicle: Kuga Titanium,2 litre diesel, 150PS, 2015

Re: Antivirus false positive

Post by smartguy69 »

Update 18th March.

Reinstalled windows, downloaded Forscan and all ok with Microsoft Defender.
CmaxDM2
Posts: 1
Joined: Sat Aug 01, 2020 3:02 pm
Vehicle: Ford Cmax 1.6 TDCI

Re: Antivirus false positive

Post by CmaxDM2 »

I ran the command prompt as written, it wrote me that there are no new updates, but it still tells me in the virus total that 1 file is infected with malware, what to do?
lrantan
Posts: 2
Joined: Sat Feb 10, 2018 2:11 am
Vehicle: Ford F350 6.7 TD 440hp, 2017

Re: Antivirus false positive

Post by lrantan »

Tried to install the latest FORScan for Windows v2.3.42 and bought the extended license but after installing and opening it for the first time my Windows Defender blocked it and said Trojan:Script/Wacatac.B!ml
was trying to run. I'm on Windows 11
f-wolf
Posts: 1078
Joined: Sat Apr 18, 2015 12:41 am
Vehicle: *** Ford ***
Location: Third planet from the sun

Re: Antivirus false positive

Post by f-wolf »

lrantan wrote:
Sun Aug 22, 2021 11:21 pm
Tried to install the latest FORScan for Windows v2.3.42 and bought the extended license but after installing and opening it for the first time my Windows Defender blocked it and said Trojan:Script/Wacatac.B!ml
was trying to run. I'm on Windows 11
See if this works ??

https://mspoweruser.com/getting-false ... rs-scan/
FORScan
Site Admin
Posts: 2800
Joined: Fri Jun 13, 2014 2:21 am

Re: Antivirus false positive

Post by FORScan »

lrantan wrote:
Sun Aug 22, 2021 11:21 pm
Tried to install the latest FORScan for Windows v2.3.42 and bought the extended license but after installing and opening it for the first time my Windows Defender blocked it and said Trojan:Script/Wacatac.B!ml
was trying to run. I'm on Windows 11
We test every release on virustotal.com, here is the report for v2.3.42. As you may see the only anti-virus that triggers false positive is Yandex (that is known issue but we cannot do anything with it). Microsoft (that is Windows Defender) says it is OK. We just re-scanned the file and it is still OK. Will monitor it further, in the meantime, please check your Windows Defender is up-to-date.
Post Reply