We've released an update for our software and it got flagged by Panda AV. I've submitted a request for a re-scan several times, but received no response.
Panda has previously removed a false positive alert from the previous version, however, it didn't help.
A unique user-ID signature is generated for each instance of mini-installer which is downloaded.
This user-ID is appended to CitrioSetup.exe file right before the download process starts.
When Citrio Browser is installed, the mini-installer sends this ID to the server in order to confirm successful installation.
Below is an example of what this ID looks like:
"appguid={92F8A219-E740-49D5-B785-B962AD819724}&appname=Citrio&buildtype=1&needsadmin=False&lang=en&usagestats=1&iid={F377000C-6439-4E62-979B-C3FA5DAE8319}&referral=1:citrio_website"
Because of this tracking mechanism, each mini-installer has a unique checksum, and supposedly they are treated by antivirus software as different programs. So when a single mini-installer is claimed to be clean, the other mini-installers may still cause some AV alerts as their SHA/CRC are different.
So each installer is considered to be a separate program. Removing a false positive alert from one installer won't affect all. Can you solve this issue?
The installer can be downloaded from the official site: http://citrio.com/windows
According to VirusTotal, the alert does not immediately appear. So I've attached an installer that is already flagged by Panda.
Best regards,
Jack Fain
[SOLVED] [04141422] No reply to false positive + constant alerts
- Attachments
- CitrioSetup 254 24 Panda.zip (576.91 KiB)
- Alert: PUP/Citrio
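The checksum effect described in the first post, as an added example that is not part of the original thread or Citrio's own code: two downloads that differ only in the appended `iid` get different file hashes, while a hash of the bytes before the tag stays the same. It assumes the tag is appended as plain bytes at the end of the file and begins with `appguid=`; the installer body and the second `iid` are constructed sample values.

```python
import hashlib
from urllib.parse import parse_qs

TAG_MARKER = b"appguid="  # assumption: the appended tag starts with this key

# Constructed stand-in for the installer bytes shared by every download.
BASE_INSTALLER = b"MZ" + bytes(range(256)) * 8


def make_tagged(base: bytes, iid: str) -> bytes:
    """Append a per-download tag in the format quoted in the post."""
    tag = (
        "appguid={92F8A219-E740-49D5-B785-B962AD819724}&appname=Citrio"
        "&buildtype=1&needsadmin=False&lang=en&usagestats=1"
        f"&iid={{{iid}}}&referral=1:citrio_website"
    )
    return base + tag.encode("ascii")


def split_tag(blob: bytes):
    """Return (body, tag_fields); tag_fields is {} when no tag is present."""
    pos = blob.rfind(TAG_MARKER)
    if pos == -1:
        return blob, {}
    fields = parse_qs(blob[pos:].decode("ascii", errors="replace"))
    return blob[:pos], {key: values[0] for key, values in fields.items()}


def file_hash(blob: bytes) -> str:
    """SHA-256 of the whole file, as a per-file verdict would key on."""
    return hashlib.sha256(blob).hexdigest()


def body_hash(blob: bytes) -> str:
    """SHA-256 of the bytes before the tag, identical across downloads."""
    body, _ = split_tag(blob)
    return hashlib.sha256(body).hexdigest()


if __name__ == "__main__":
    first = make_tagged(BASE_INSTALLER, "F377000C-6439-4E62-979B-C3FA5DAE8319")
    # Constructed second install ID, standing in for another download.
    second = make_tagged(BASE_INSTALLER, "00000000-0000-0000-0000-000000000001")
    for name, blob in (("first", first), ("second", second)):
        print(name, file_hash(blob)[:16], body_hash(blob)[:16],
              split_tag(blob)[1].get("iid"))
```
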
Re: No reply to false positive + constant alerts
You may not receive a reply, because the lab receives a lot of mail every day.
Re: No reply to false positive + constant alerts
I understand that. But I'd like to see some actions to be taken.
Also, the problem is not in removing a false positive from just one exe file. This proved to be futile in the past.
Re: No reply to false positive + constant alerts
So, will somebody at Panda check this and respond?
- VirusBuster
- Official moderator
- Posts: 7595
- Joined: Mon, 02 Apr 2012, 18:53
- Location: Panda HQ - Bilbao
Re: No reply to false positive + constant alerts
We have created the case 04141422 to study this issue.
We'll keep you updated.
Regards,
Jorge Torre
TechSupport Department - Panda Security
I don't reply to private messages unless I have previously requested them
Re: [04141422] No reply to false positive + constant alerts
I have been checking with our laboratory and the detection as PUP (Potentially Unwanted Program) is correct due to its behavior.
If you don't want to detect it you can disable the PUP detection from the antivirus settings, exclude it from the scan or restore the file from the quarantine, which will create an exclusion.
Regards,
Jorge Torre
TechSupport Department - Panda Security
I don't reply to private messages unless I have previously requested them
Re: [04141422] No reply to false positive + constant alerts
Could you please explain what exact behavior in Citrio is triggering a PUP alert?
Re: [04141422] No reply to false positive + constant alerts
So, will I eventually get an answer?
Re: [04141422] No reply to false positive + constant alerts
Well, I've installed it and from what I see, it's a copy of Chrome with several extensions, but it also messes up Chrome settings, which have to be restored to their defaults (message from Chrome itself).
Regards,
Jorge Torre
TechSupport Department - Panda Security
I don't reply to private messages unless I have previously requested them
Re: [04141422] No reply to false positive + constant alerts
So does Panda AV consider every Chromium-based browser to be a PUP solely on this principle? That it looks like Chrome, but has an added functionality.
How does Citrio mess up Chrome settings?
We've never received any feedback or complaint from users regarding such experience.
Please attach a screenshot and we'll try to fix it.