[SOLVED] [04141422] No reply to false positive + constant alerts

jackfain
Registered user
Posts: 10
Joined: Fri, 24 Apr 2015, 15:57


Post by jackfain »

We've released an update for our software and it got flagged by Panda AV. I've submitted a request for a re-scan several times, but received no response.

Panda has previously removed a false positive alert from the previous version; however, it didn't help.
A unique user-ID signature is generated for each instance of mini-installer which is downloaded.
This user-ID is appended to CitrioSetup.exe file right before the download process starts.
When Citrio Browser is installed, the mini-installer sends this ID to the server in order to confirm successful installation.

Below is an example of what this ID looks like:
"appguid={92F8A219-E740-49D5-B785-B962AD819724}&appname=Citrio&buildtype=1&needsadmin=False&lang=en&usagestats=1&iid={F377000C-6439-4E62-979B-C3FA5DAE8319}&referral=1:citrio_website"

Because of this tracking mechanism, each mini-installer has a unique checksum, and supposedly they are treated by antivirus software as different programs. So when a single mini-installer is claimed to be clean, the other mini-installers may still cause some AV-alerts as their SHA/CRC are different.

So each installer is considered to be a separate program. Removing a false positive alert from one installer won't affect all. Can you solve this issue?

The installer can be downloaded from the official site: http://citrio.com/windows

According to VirusTotal, the alert does not immediately appear. So I've attached an installer that is already flagged by Panda.

Best regards,
Jack Fain
Attachments
CitrioSetup 254 24 Panda.zip
Alert: PUP/Citrio
(576.91 KiB) Downloaded 385 times
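The effect described in the post above, as an added example that is not part of the original thread or Citrio's code: two copies of the same installer body with different appended IDs get different whole-file hashes, while a hash over the bytes before the ID stays the same. It assumes the ID is plain trailing bytes starting with `appguid=`; the installer body, the second `iid` and all function names are constructed for illustration.

```python
import hashlib
from urllib.parse import parse_qsl

# Constructed stand-in for the installer body (not the real CitrioSetup.exe).
BASE = b"MZ" + bytes(range(256)) * 8
TAG_START = b"appguid="  # assumption: the appended ID begins with this key


def make_tagged(base: bytes, iid: str) -> bytes:
    """Append a per-download ID shaped like the sample quoted in the post."""
    tag = ("appguid={92F8A219-E740-49D5-B785-B962AD819724}&appname=Citrio"
           "&buildtype=1&needsadmin=False&lang=en&usagestats=1"
           "&iid={" + iid + "}&referral=1:citrio_website")
    return base + tag.encode("ascii")


def split_tag(blob: bytes):
    """Return (body, tag fields); a file without a tag yields (blob, {})."""
    pos = blob.rfind(TAG_START)
    if pos == -1:
        return blob, {}
    fields = dict(parse_qsl(blob[pos:].decode("ascii", errors="replace")))
    return blob[:pos], fields


def fingerprint(blob: bytes) -> dict:
    """Whole-file hash, hash of the bytes before the tag, and the parsed iid."""
    body, fields = split_tag(blob)
    return {
        "file_sha256": hashlib.sha256(blob).hexdigest(),
        "body_sha256": hashlib.sha256(body).hexdigest(),
        "iid": fields.get("iid"),
    }


def compare(iid_a: str, iid_b: str):
    """Fingerprint two downloads of the same body that differ only in iid."""
    return (fingerprint(make_tagged(BASE, iid_a)),
            fingerprint(make_tagged(BASE, iid_b)))


if __name__ == "__main__":
    # First iid is the one from the post; the second is constructed.
    for fp in compare("F377000C-6439-4E62-979B-C3FA5DAE8319",
                      "00000000-0000-4000-8000-000000000001"):
        print(fp["iid"], fp["file_sha256"][:16], fp["body_sha256"][:16])
```

An exclusion or verdict keyed on the whole-file hash covers exactly one downloaded copy, which matches what the poster reports.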
as123
Registered user
Posts: 712
Joined: Sun, 22 Jun 2014, 05:11
Location: Taiwan

Re: No reply to false positive + constant alerts

Post by as123 »

You may not receive a reply, because the lab receives a lot of mail every day.
jackfain
Registered user
Posts: 10
Joined: Fri, 24 Apr 2015, 15:57

Re: No reply to false positive + constant alerts

Post by jackfain »

I understand that. But I'd like to see some actions to be taken.
Also, the problem is not in removing a false positive from just one exe file. This proved to be futile in the past.
jackfain
Registered user
Posts: 10
Joined: Fri, 24 Apr 2015, 15:57

Re: No reply to false positive + constant alerts

Post by jackfain »

So, will somebody at Panda check this and respond?
VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: No reply to false positive + constant alerts

Post by VirusBuster »

We have created the case 04141422 to study this issue.
We'll keep you updated.
Regards,

Jorge Torre
TechSupport Department - Panda Security

I don't reply to private messages unless I have previously requested them
VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: [04141422] No reply to false positive + constant alerts

Post by VirusBuster »

I have been checking with our laboratory and the detection as PUP (Potentially Unwanted Program) is correct due to its behavior.

If you don't want to detect it, you can disable the PUP detection from the antivirus settings, exclude it from the scan, or restore the file from the quarantine, which will create an exclusion.
Regards,

Jorge Torre
TechSupport Department - Panda Security

jackfain
Registered user
Posts: 10
Joined: Fri, 24 Apr 2015, 15:57

Re: [04141422] No reply to false positive + constant alerts

Post by jackfain »

Could you please explain what exact behavior in Citrio is triggering a PUP alert?
jackfain
Registered user
Posts: 10
Joined: Fri, 24 Apr 2015, 15:57

Re: [04141422] No reply to false positive + constant alerts

Post by jackfain »

So, will I eventually get an answer?
VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: [04141422] No reply to false positive + constant alerts

Post by VirusBuster »

Well, I've installed it and from what I see, it's a copy of Chrome with several extensions, but it also messes up Chrome settings, which have to be restored to their defaults (message from Chrome itself).
Regards,

Jorge Torre
TechSupport Department - Panda Security

jackfain
Registered user
Posts: 10
Joined: Fri, 24 Apr 2015, 15:57

Re: [04141422] No reply to false positive + constant alerts

Post by jackfain »

So does Panda AV consider every Chromium-based browser to be a PUP solely on this principle? That it looks like Chrome, but has an added functionality.

How does Citrio mess up Chrome settings?
We've never received any feedback or complaint from users regarding such experience.
Please attach a screenshot and we'll try to fix it.