False positive with Adobe Flash Player

Hello Charles,

scanning is not a trial but a protective measure and doubt is advisable in the opposite direction. Incredible is often the first reaction when hearing stories like Security firm RSA warns that its servers have been hacked, Malware compromises USAF Predator drone computer systems or Security breach: Kernel.org and Linux Foundation remain "temporarily unavailable". And Adobe Flash security update for Windows, Mac, Android, Linux and Solaris users for example shows that Adobe is (like the rest of us) not perfect. So why should it be unthinkable that a major vendor's site is (temporarily) compromised? OTOH no one doubts or denies the existence of false positives. But doubt should be used very carefully in a "final decision".

Unfortunately your post is lacking most details. First - which trojan was (perhaps falsely) detected? Second - what has been scanned? Even assuming you've downloaded the installer for your OS and as this is the MacHomeAV forum there are two downloads. Third - which version of Sophos? Using 7.3.4 I've scanned both the MacOS as well as some Windows downloads and none has been flagged. Of course if it was a false positive it's very likely that a correction has been issued in the meantime (and if indeed it was on Adobe's site - which I more than doubt as it would be in the news by now - it could have been replaced). There is a third possibility: you haven't visited Adobe's site (which I don't imply - but that's how the Flashback trojan is distributed).

If you think you've encountered a false positive you should submit a sample.

Christian

Hello Charles,

scanning is not a trial but a protective measure and doubt is advisable in the opposite direction. Incredible is often the first reaction when hearing stories like Security firm RSA warns that its servers have been hacked, Malware compromises USAF Predator drone computer systems or Security breach: Kernel.org and Linux Foundation remain "temporarily unavailable". And Adobe Flash security update for Windows, Mac, Android, Linux and Solaris users for example shows that Adobe is (like the rest of us) not perfect. So why should it be unthinkable that a major vendor's site is (temporarily) compromised? OTOH no one doubts or denies the existence of false positives. But doubt should be used very carefully in a "final decision".

Unfortunately your post is lacking most details. First - which trojan was (perhaps falsely) detected? Second - what has been scanned? Even assuming you've downloaded the installer for your OS and as this is the MacHomeAV forum there are two downloads. Third - which version of Sophos? Using 7.3.4 I've scanned both the MacOS as well as some Windows downloads and none has been flagged. Of course if it was a false positive it's very likely that a correction has been issued in the meantime (and if indeed it was on Adobe's site - which I more than doubt as it would be in the news by now - it could have been replaced). There is a third possibility: you haven't visited Adobe's site (which I don't imply - but that's how the Flashback trojan is distributed).

If you think you've encountered a false positive you should submit a sample.

Christian