Didier Stevens

Tuesday 16 June 2020

FalsePositive GitHub Repository

Filed under: Announcement — Didier Stevens @ 0:00

As I’m fed up with Google’s false positives on some of my tools on DidierStevens.com, I’m moving them to a new GitHub repository: FalsePositives.

FYI, here is the User Agent String that Google's scanner presents when it fetches the files (note the appid, s~virustotalcloud, and the non-existent Windows NT 9.0):

Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US) AppEngine-Google; (+http://code.google.com/appengine; appid: s~virustotalcloud)
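As an added example (not from the original post), here is a small Python filter that picks the scanner's requests out of a web server access log using the User Agent String above. It extracts the App Engine appid, and also flags the bogus "Windows NT 9.0" version, which no real Windows build reports. The log lines, IP addresses and paths are constructed for the example.

```python
import re
from typing import Optional

# The User Agent String quoted in the post above, verbatim.
SCANNER_UA = (
    "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US) AppEngine-Google; "
    "(+http://code.google.com/appengine; appid: s~virustotalcloud)"
)

# App Engine appends this token to outbound fetches; the appid names the application.
APPENGINE_RE = re.compile(
    r"AppEngine-Google; \(\+http://code\.google\.com/appengine; appid: (?P<appid>[^)]+)\)"
)

# Windows NT versions that real browsers report. There never was a 9.0.
KNOWN_NT_VERSIONS = {"5.0", "5.1", "5.2", "6.0", "6.1", "6.2", "6.3", "10.0"}
NT_RE = re.compile(r"Windows NT (\d+\.\d+)")

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample access log: IPs (RFC 5737 test ranges), paths and timestamps are made up.
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [16/Jun/2020:09:12:01 +0200] "GET /files/xorsearch.zip HTTP/1.1" 200 184320 "-" "%s"' % SCANNER_UA,
    '198.51.100.22 - - [16/Jun/2020:09:12:05 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36"',
    '203.0.113.7 - - [16/Jun/2020:09:12:09 +0200] "GET /files/pdfid.zip HTTP/1.1" 200 9300 "-" "%s"' % SCANNER_UA,
]) + "\n"


def appengine_appid(ua: str) -> Optional[str]:
    """Return the App Engine appid embedded in a User Agent String, or None."""
    m = APPENGINE_RE.search(ua)
    return m.group("appid") if m else None


def claims_bogus_windows(ua: str) -> bool:
    """True when the UA names a Windows NT version that no real Windows build reports."""
    m = NT_RE.search(ua)
    return m is not None and m.group(1) not in KNOWN_NT_VERSIONS


def scanner_hits(log_text: str) -> list:
    """Parse combined-format lines and keep those fetched by an App Engine application."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format, or a garbled line
        appid = appengine_appid(m.group("ua"))
        if appid is None:
            continue
        hits.append({
            "ip": m.group("ip"),
            "path": m.group("path"),
            "appid": appid,
            "bogus_windows": claims_bogus_windows(m.group("ua")),
        })
    return hits


if __name__ == "__main__":
    for hit in scanner_hits(SAMPLE_LOG):
        print(hit)
```

Run against a real access log, the appid tells you which App Engine application fetched a file; the impossible Windows version is a second, independent tell that the "browser" part of the string is not a browser at all.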

1 Comment »

  1. Today I was so surprised to see Windows Defender detected xorsearch.exe as a Trojan. I had to reverse-engineer the binary to make sure it wasn’t any viral infection or supply-chain attack.

    The binary is clean, and a lot of XOR activity may have tripped many wires for auto-detection in anti-virus products.

    @unixfreaxjp

    Comment by ☩MalwareMustDie (@MalwareMustDie) — Monday 7 December 2020 @ 8:08

