
Update on Virus and Malware Scanning

Updated: Feb 13



Sometimes antivirus programs that use AI mark the NM Collector Software CP executable as a risk. This is the best explanation I have found for it from a fellow developer using the same tools that I am using:

"This has come up before. The packaged exe works by creating a new process (i.e. starting Java). This is seen as a possible threat by "AI" based antivirus/antimalware software. I had this problem with Malwarebytes. I reported this as a false positive and don't have the issue anymore."

NOTES:

  • These virus detection tools are constantly changing and there is no telling where they will go next.

  • The last time I checked (see links below) only one flagged a potential issue and it is a virus detection tool based on Machine Learning (ML).

Run even if Antivirus Software on Windows Quarantines NMCollectorCP.exe


It is the executable that the antivirus software sometimes mislabels as dangerous, not the program itself. If for some reason your Windows computer decides to quarantine the NMCollectorCP.exe executable, and you do not want to recover it from quarantine, you can still run the program on your computer as follows.

  1. Browse to the extracted NMCollectorCP_Win directory

  2. Execute the run.bat file, which runs the program without using the executable.


SentinelOne (Static ML) Static AI - Suspicious PE


I was unable to find a way to report a false positive for SentinelOne.


In previous articles I have discussed scanning for viruses and malware. In one of those articles I mentioned virustotal.com as an on-line scanning tool. My Mac and Linux deployments did not send up any flags in VirusTotal.


However, as I noted, the Windows files I submitted set off flags for some of the vendors on virustotal.com. These flags are most likely due to the fact that the executables are a wrapper for the underlying Java program, which looks like suspicious behavior to some virus and malware detectors. This was confirmed by Malwarebytes, who corrected the problem on their end. Please see https://forums.malwarebytes.com/topic/277348-false-positive-machinelearninganomalous96/ for more information.


UPDATE: Here are the latest scan results for V 2.0.1


SentinelOne is the only vendor that flagged any of my software with (Static ML) Static AI - Suspicious PE.


NMCollectorCP.exe

VirusTotal - File - e45a8fa1cc400c2c0611c343745b7765ce57e462a909e65e80fa97d7b92e03dd


Setup NMCollectorCP.exe

VirusTotal - File - 3e4c9000305c5a143a8de06498febe328f4919197931b838a58b76d451114013


NMCollectorSoftwareCP_Win.zip

VirusTotal - File - 1d6996651eef5a07907a7a30f71164ca0173019e16a20f86f95daa523f163466


NMCollectorSoftwareCP_Mac.zip

https://www.virustotal.com/gui/file/8d75ee020fb24893b7280c9706ed04f24dde12447471147d0767124bab8dd07c


NMCollectorSoftwareCP_Linux.zip

https://www.virustotal.com/gui/file/49410bc49374dea1edaeb1b9ee965829e82f1ea35ddc55ad1b688db101455c9f
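To confirm that a file you downloaded is the same one these VirusTotal reports describe, compare its SHA-256 with the hash in the matching link. The script below is an added example, not part of the NM Collector software; it assumes the downloads keep the file names shown above and that the hashes in the links are the SHA-256 digests of the V 2.0.1 files.

```python
import hashlib
from pathlib import Path

# SHA-256 values copied from the VirusTotal links listed above (V 2.0.1).
# Assumption: the files on disk use the same names as the labels on this page.
PUBLISHED = {
    "NMCollectorCP.exe": "e45a8fa1cc400c2c0611c343745b7765ce57e462a909e65e80fa97d7b92e03dd",
    "Setup NMCollectorCP.exe": "3e4c9000305c5a143a8de06498febe328f4919197931b838a58b76d451114013",
    "NMCollectorSoftwareCP_Win.zip": "1d6996651eef5a07907a7a30f71164ca0173019e16a20f86f95daa523f163466",
    "NMCollectorSoftwareCP_Mac.zip": "8d75ee020fb24893b7280c9706ed04f24dde12447471147d0767124bab8dd07c",
    "NMCollectorSoftwareCP_Linux.zip": "49410bc49374dea1edaeb1b9ee965829e82f1ea35ddc55ad1b688db101455c9f",
}


def sha256_of(path, chunk_size=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_downloads(directory, published=PUBLISHED):
    """Return {filename: status}; status is 'match', 'MISMATCH' or 'missing'."""
    results = {}
    for name, expected in published.items():
        path = Path(directory) / name
        if not path.is_file():
            # Not downloaded, or already moved to quarantine by the scanner.
            results[name] = "missing"
        elif sha256_of(path) == expected.lower():
            results[name] = "match"
        else:
            # The scan results on this page describe a different file.
            results[name] = "MISMATCH"
    return results


if __name__ == "__main__":
    import sys
    folder = sys.argv[1] if len(sys.argv) > 1 else "."
    report = check_downloads(folder)
    for name, status in report.items():
        print(f"{status:9} {name}")
    sys.exit(1 if "MISMATCH" in report.values() else 0)
```

A `MISMATCH` means the file differs from the one that was scanned, so the results listed here do not apply to it and the download should be fetched again from the original source.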

