1 2 Previous Next 11 Replies Latest reply on Nov 22, 2014 1:47 PM by catdaddy

    Problems with NSIS

    sheridan

      I have made a simple program using NSIS that opens a window just to demonstrate that Mcafee picks it up as Artemis!870717C635DC and BehavesLike.Win32.Dropper.nh

       

      Below is the coding I used

      ```````````````````

      Unicode true

      RequestExecutionLevel admin

       

       

      Function .onInit

       

       

          MessageBox MB_YESNO "are you sure you want to install this application?" IDYES true IDNO false

       

       

          true:

              DetailPrint "it's true!"

              Goto next

       

       

          false:

              DetailPrint "it's false"

       

       

          next:

       

       

      FunctionEnd

       

       

      Section xxxxxxxxx

       

       

      SectionEnd

      ``````````````````````````

       

      I am submitting this for false positive again since the problem was never solved when it comes to NSIS

        • 1. Re: Problems with NSIS

          Please don't submit junk like this - it just wastes everyones time. Are you seriously asking us to whitelist this program for 130million users?

           

          We are not going to whitelist NSIS packages generally. Unfortunately it's used to install malware as well as legitimate software.

           

          IF you have genuine software being flagged then by all means submit it - this example is just pointless.

          • 2. Re: Problems with NSIS
            sheridan

            This program is pointless, that is true and I have already mentioned that this is a test program just to demonstrate many programs that use nsis get flagged as threats by mcafee but no problem with other AVs. Also you should mind your language since you are a moderator here in this forum. This program might be pointless but as an example this is perfect, I never ask anyone to white list this particular program but asked why each and every program made with nsis detects as a threat mainly by mcafee. 

            • 3. Re: Problems with NSIS
              alexhilda

              What is the point of this program, clearly it does nothing however if you could post the virustotal analysis, this can be viewed easily. I have had the same problems with many programs made with NSIS. File a false positive and let them know about Safeboot's response as well since the way he talks.

              • 4. Re: Problems with NSIS

                II'm sorry if you are offended by my blunt  response, but understand that by submitting this you stopped a researcher looking at a genuine  Artemis response problem. Some real person stopped doing useful research and did something that added no value to anyone. Perhaps you can understand my frustration?

                • 5. Re: Problems with NSIS
                  sheridan

                  Here is the Virus Total Analysis - https://www.virustotal.com/en/file/1ff01ccb67e48384bb2c0a5540c9acbfc7277c60a7fa8 b350b28dae4d654f111/analysis/1416282035/

                   

                  Again both of you missing the point I am making here, This program is completely pointless, I am just saying no matter how pointless or worthwhile a program could be, still getting flagged as a threat by Mcafee. Why other AVs do not detect this as a threat, simply because they have a more sophisticated algorithm to scans files through, most importantly they are very alerted with false positives.

                   

                  I repeat I am not talking about this particular program but programs made using NSIS as a whole. However I am glad that I cannot see Artemis detection any more yet Behaveslikewin32 persists

                  • 6. Re: Problems with NSIS
                    alexhilda

                    Yeah when you submit attach the virus total analysis as well, I am quiet sure if anything they will white list this program too but won't look at the big picture where all the programs getting detected. 

                    • 7. Re: Problems with NSIS
                      neelakurdinger

                      You are saying NSIS programs are not useful? This is a detection that means no sense whatsoever. Either mcafee should be able to response to false submissions or stop detecting everything, period.

                      • 8. Re: Problems with NSIS

                        Of course not - I am telling you that creating pointless NSIS packages and submitting them because they are detected as behaving and acting like malware is not helping in any way to prove your point.

                         

                        Artemis and and the behavioral engines are looking at the package and determining that it looks suspicious. Submitting more of the same isn't going to change that - in fact it's probably strengthening the argument.

                        • 9. Re: Problems with NSIS
                          neelakurdinger

                          But why only mcafee? Why not Symantec? Why not Bitdefender ?

                           

                          Why all other AVs scans programs through and say it is harmless yet only mcafee detects'em all. I don't know weather to compliment or complaint

                          1 2 Previous Next