Virustotal & Eset false positives for version 5.8.200?

This topic is 2 years and 2 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.

Post by ps_scripter »

Product, version and build: PowerShell Studio 5.8.200
Operating system: Windows 10
PowerShell version(s): 5.1.19041.1320

I tried installing PS Studio 5.8.200 today and it was blocked by Eset 9.0.02032.6 with the message below:

ImportModuleHelp.exe has Win32/AtlasVPN.A potentially unwanted application

I then uploaded the installer to Virustotal and got two more hits:

Virustotal reports: Malware.Win32.Gen.oa!s1 and Trojan.Stealer.Win32.21178

Has anyone encountered this before? I am guessing these are false positives, but it would be nice to get confirmation.

Re: Virustotal & Eset false positives for version 5.8.200?

Post by Alexander Riedel »

As always, we do not know what happens on your machine and you should always confirm any positive result with your antivirus vendor.
I uploaded our original source file to VirusTotal and I get BitDefenderTheta and SecureAge APEX flagging it for different things.
For the installer I get a positive on Gridinsoft and Zillya for two different things.

Unfortunately, this is not uncommon. If something is truly infected, it usually shows up on far more than 2 out of 66 engines.
Additionally, if the engines disagree on what something is afflicted with, it usually turns out to be a false positive.
Last but not least, and I do not want to step on anyone's toes here, I simply would trust the mainstream vendors more than the more obscure ones.

But as stated in the beginning, stick to due diligence and submit YOUR files to YOUR antivirus vendor for confirmation.
Alexander Riedel
SAPIEN Technologies, Inc.
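
The three rules of thumb from the reply above (few engines, disagreeing labels, no hit from a vendor you trust) written as a triage function. This is an added example, not part of the original thread and not SAPIEN's code. The engine names, the generic-token list, the 10% ratio and the trusted-engine set are assumptions; the two labels in the first sample are the ones quoted in the first post, under placeholder engine names because the thread does not say which engines produced them.

```python
import re
from collections import Counter

# Assumption: tokens that describe a category rather than a family name.
GENERIC = {"malware", "trojan", "generic", "variant", "heur", "agent",
           "application", "unwanted", "potentially"}

def family_tokens(label):
    """Return the alphabetic tokens of a detection label that could name a family."""
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return {t for t in tokens if len(t) >= 4 and t.isalpha() and t not in GENERIC}

def triage(detections, total_engines, trusted_engines, max_ratio=0.10):
    """detections maps engine name -> label, for the engines that flagged the file."""
    if total_engines <= 0:
        raise ValueError("total_engines must be positive")
    hits = len(detections)
    # A family token counts as agreed when at least two engines use it.
    counts = Counter(t for label in detections.values() for t in family_tokens(label))
    agreed = sorted(t for t, n in counts.items() if n >= 2)
    trusted_hits = sorted(set(detections) & set(trusted_engines))
    signals = {
        "few_engines": hits / total_engines < max_ratio,
        "labels_disagree": hits >= 2 and not agreed,
        "no_trusted_hits": not trusted_hits,
    }
    return {"hits": hits, "total": total_engines, "agreed_families": agreed,
            "trusted_hits": trusted_hits, "signals": signals,
            # Triage hint only; the vendor's analysis of the submitted file decides.
            "likely_false_positive": all(signals.values())}

# Constructed samples. Engine names are placeholders, 66 is the engine count
# mentioned in the reply, and "ExampleBot" is a made-up family name.
TRUSTED = {"trusted_engine_1", "trusted_engine_2"}
SAMPLE_INSTALLER = {"engine_a": "Malware.Win32.Gen.oa!s1",
                    "engine_b": "Trojan.Stealer.Win32.21178"}
SAMPLE_CONSISTENT = {f"engine_{i}": f"Trojan.ExampleBot.{i}" for i in range(28)}
SAMPLE_CONSISTENT["trusted_engine_1"] = "Win32/ExampleBot.A"

if __name__ == "__main__":
    for name, sample in (("installer", SAMPLE_INSTALLER),
                         ("consistent", SAMPLE_CONSISTENT)):
        result = triage(sample, 66, TRUSTED)
        print(name, result["hits"], "/", result["total"], result["signals"],
              "likely false positive:", result["likely_false_positive"])
```
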