
Virus and Malware Detection

Updated: Feb 13



Sometimes antivirus programs that use AI mark the NM Collector Software CP executable as a risk. This is the best explanation I have found for it from a fellow developer using the same tools that I am using:

"This has come up before. The packaged exe works by creating a new process (i.e., starting Java). This is seen as a possible threat by 'AI' based antivirus/antimalware software."

I can assure you that I have no intention of nefarious activities with my code. However, what good are assurances these days? Also, what guarantees do you (and I) have that some dependency in my code does not introduce some sort of virus or malware? Fortunately for us, there are ways to detect bad actors.


One way is to install anti-virus software on your computer. This is my standard approach for any downloads to my computer. Before opening a downloaded file, you can run your virus detection software on it. I like Norton for this, but you may prefer another. Some people run many virus/malware detection applications at once, but this is not recommended because they may interfere with one another.


There are also sites that you can upload a file to, and they will analyze it for you. An industry standard, used by many corporate teams, is VirusTotal.com. They run the uploaded file against 70 (or so) anti-virus/malware vendors' engines and report each vendor's verdict. It is a popular tool among corporations and software developers like myself, but anybody can use it.


I have uploaded my software to that site. You can view the results in these links:


NOTE: These links are out of date and no longer apply. I am keeping them here for historical purposes. Please see my Update blog entry for the latest.


NMCollectorSoftwareCP_Win.zip

https://www.virustotal.com/gui/file/1b4d4599c836f88d6d80b9a59fb93905c41ac006bc070ad8af69be91bb068ce2/detection


NMCollectorSoftwareCP_Mac.zip

https://www.virustotal.com/gui/file-analysis/NWQ1YzViNTY3NGMwMDRlMzRhNDE5NjZiNzc1N2JlNjI6MTYyODI1NjUzNQ==/detection


NMCollectorSoftwareCP_Linux.zip

https://www.virustotal.com/gui/file/984515816d04a38e245bfc5c0310fac82f8a589a5bb6e7881b1572e4b2347a5b/detection


You will note one hit for the Windows release and no hits for the others. The hit comes from a company called Elastic. I actually know about this company, but not from the security world. They started out as a search tool built upon the Lucene index. I used Solr, which is another product built on the Lucene index. Solr and Elastic used to leap-frog each other in terms of search capability, but Elastic has pulled way ahead and is becoming a solid competitor in the search world with a relatively new emphasis on machine learning. However, they are quite new to security.


In our modern world of machine learning, some algorithms can produce false positives, where the algorithm thinks a virus or malware was detected when there really is none. You see, with machine learning, many algorithms are trained on selected data that is supposed to represent either what they want to detect or what is normal, so that exceptions can be called out. Unfortunately, this training data is not always 100% complete, and machines can make mistakes. That is why human intervention is often required to fine-tune the algorithms and/or the training data. In the interim, people can be misled by the false results.
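As an added example, not part of this post or of NM Collector Software CP, here is the check a cautious user can do before opening a download: hash the file, look up the existing VirusTotal report by that hash (the same URL form as the links above), and reduce the report to which engines flagged it so a single hit among many clean verdicts stands out. The sample bytes and the sample report are constructed; the report layout assumes the shape returned by VirusTotal's v3 files API.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: the VirusTotal web UI addresses a file report by its SHA-256,
# the form the Windows and Linux links in this post use.
VT_REPORT_URL = "https://www.virustotal.com/gui/file/{sha256}/detection"

# Constructed stand-in for a downloaded release archive ("abc" is a FIPS 180 test vector).
SAMPLE_BYTES = b"abc"

# Constructed sample of a VirusTotal v3 report (GET /api/v3/files/{sha256}):
# one ML-based engine flags the file, the other engines do not.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "undetected", "result": None},
    "EngineB-ML": {"category": "malicious", "result": "Generic.Suspicious"},
    "EngineC": {"category": "harmless", "result": None},
}}}}

def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a downloaded archive in chunks so large zips need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def report_url(sha256):
    """Link to the existing VirusTotal report for a hash; nothing is uploaded."""
    return VT_REPORT_URL.format(sha256=sha256)

def summarize_report(report):
    """Reduce a v3 file report to how many engines scanned it and which flagged it."""
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = sorted(name for name, verdict in results.items()
                     if verdict.get("category") in ("malicious", "suspicious"))
    return {"engines": len(results), "hits": len(flagged), "flagged": flagged}

def hash_sample():
    """Write the constructed archive to a temp file and hash it as a real download would be."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "NMCollectorSoftwareCP_Win.zip"
        sample.write_bytes(SAMPLE_BYTES)
        return sha256_of_file(sample)

if __name__ == "__main__":
    digest = hash_sample()
    print("SHA-256:", digest, "->", report_url(digest))
    print(summarize_report(SAMPLE_REPORT))
```

A result like 1 hit out of 70 engines, with the hit coming from a machine-learning engine and a generic label, is the pattern this post describes; that is the case to send to the vendor for review rather than to treat as a confirmed detection.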


I have contacted Elastic and requested a review of my software so they can either verify their finding or adjust their training data and/or algorithm to remove this false positive.


What is your experience with NMCollectorCP? Are you seeing any detection of viruses or malware on your systems? If so, I would really like to know about it so I can investigate. Please feel free to post your findings here.


Thank you!


