View Issue Details

Jump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0000153NoteFlybugpublic2012-03-18 19:312019-10-26 10:41
ReporterD9ping Assigned To 
PriorityhighSeverityminorReproducibilityN/A
Status resolvedResolutionno change required 
Summary0000153: NoteFly setup reported as Suspicious.Emit. (false positive)
DescriptionNoteFly is reported as Suspicious.Emit by Symantec Anti-virus. This is a false positive.
Additional InformationNSIS installer is causing a lot of false postives.
For more information see http://nsis.sourceforge.net/NSIS_False_Positives
TagsNo tags attached.

Relationships

parent of 0000188 assignedD9ping Codesign NoteFly setup and main executable. 
related to 0000162 closedD9ping Changed setup compression algorithm from lzma to zlib. 
Not all the children of this issue are yet resolved or closed.

Activities

D9ping

2012-03-18 19:32

administrator   ~0000119

Reported NoteFly 3.0.0 for whitelisting.

D9ping

2012-03-28 17:40

administrator   ~0000124

Last edited: 2012-05-04 16:14

 Also reported NoteFly 3.0.1 for whitelisting.



To address NoteFly being again reported as false positive virus in the future,

i'm going to stop using LZMA compression on the NSIS installer.

D9ping

2012-04-13 17:25

administrator   ~0000127

Last edited: 2012-06-02 13:41

 NoteFly 3.0.0 and NoteFly 3.0.1 are added to whitelist.

D9ping

2012-08-28 00:08

administrator   ~0000141

Last edited: 2012-08-28 00:12

 Bug report reopened,
Setup version 3.0.3 again reported as Suspicious.Emit by Symantec and HeurEngine.ZeroDayThreat by PCtools.

Applied for white listing.

D9ping

2012-09-16 14:42

administrator   ~0000142

NoteFly 3.0.3 setup added to whitelist.

D9ping

2013-05-12 16:39

administrator   ~0000150

Last edited: 2016-05-17 23:52

 NoteFly 3.0.4 causing false positives.
 Reference https://www.virustotal.com/en/file/26747d48b7080a0bdacc42668b4ef5e9ae1dd2181f979fcf5336f6c1800c2906/analysis/1368369327/

<pre>
AV: False positive:
<del>PCTools HeurEngine.ZeroDayThreat</del>
Symantec Suspicious.Emit
<del>TrendMicro-HouseCall TROJ_GEN.F47V0515</del>
<del>VBA32 suspected of Crafted.Win32File.OLS</del>
<del>Emsisoft Trojan.Generic.10008038 (B) </del>
McAfee-GW-Edition BehavesLike.Win32.Tool.dc
</pre>

D9ping

2013-05-16 17:09

administrator   ~0000152

Last edited: 2015-05-08 17:39

 NoteFly 3.0.5 causing false positives. Reference https://www.virustotal.com/nl/file/2bc5402c1ee3c38a64a1116247d267df170e4527f89865a0bef4153e89a7f740/analysis/

<pre>
AV: False positive:
<del>PCTools HeurEngine.ZeroDayThreat</del>
<del>Symantec Suspicious.Emit</del>
<del>TrendMicro-HouseCall TROJ_GEN.F47V0515</del>
<del>VBA32 suspected of Crafted.Win32File.OLS</del>
</pre>

D9ping

2013-06-27 23:18

administrator   ~0000164

Last edited: 2019-10-26 10:41

 I'm going to try to get a code signing certificate so false positives are less likely.

D9ping

2013-07-11 11:19

administrator   ~0000171

Last edited: 2019-10-26 10:38

 NoteFly 3.0.7 causing false positives. Reference https://www.virustotal.com/en/file/62cb5efaf646445ba5103686f4aff3f83d8af0a585f2193d17e259e85ffce60b/analysis/


<pre>
AV: False positive:
Trapmine Suspicious.low.ml.score
<del>PCTools HeurEngine.ZeroDayThreat</del>
<del>Symantec Suspicious.Emit</del>
<del>TrendMicro-HouseCall TROJ_GEN.R047H01G913</del>
</pre>