
FALSE POSITIVE DETECTION

Hello,

Our program has been flagged as a PUP by Sophos virus guard. Upon false positive analysis we were informed that Sophos categorized it as a PUP/PUA due to the fact that it is bundled and also claims that it captures user history and browser data.

First of all, we would like to say that we do not capture user data except for SERP information. Also our EULA doesn't hint at anything related to it.

Secondly, this application comes as bundled as well, but it will be installed with the user's acknowledgement and acceptance. Programs like Yandex that are bundled and free are not flagged as PUP/PUA by Sophos.

We require proof from Sophos why only ours is flagged as PUP/PUA; we also require proof for the categorization of PUP/PUA in the first place.


This thread was automatically locked due to age.
  • We know what a PUA/PUP is, but the problem is, our program is not adware, a dialer, a remote administration tool or a hacking tool.

    It is known as Ninja Loader and it is a completely safe program to work on any environment, which is why we ask for proof from Sophos because it clearly seems like the false positive division falsely classified us as PUP.

    There are many other applications, free and bundled, which aren't detected as malicious by Sophos, applications like Yandex.

    We have the right to demand proof for Sophos classification. Please have this issue escalated, since email support went unresponsive when we asked for proof, which is a bit unprofessional by the way.
  • Hello.

    I've been using NinjaLoader for a long time and actually it's a great tool to download any type of files. It was recommended as free and easy to use software. It doesn't look like a PUA, and I'm totally satisfied with this product. For me it's one of the utilities on my PC and in fact, I can't understand why Sophos Virus Guard still detects it as malware, and it has become really annoying. So, in my opinion, Sophos must be able to provide a reasonable explanation and provide proof of categorizing an application as a PUA, because this is not a PUP or PUA.
  • Hello,

     
    I completely understand Sophos Classifications of PUAs.

    As you have mentioned in case (a), our application does not belong to Dialers, Remote Administration tools and Hacking tools.

    In the case (b) we have found out one application that was partnered with Ninja Loader and is a PUA as well. We stopped our partnership with them and Ninja Loader is no longer partnered with that application.

    Now I believe we have the full right to have this application whitelisted from the PUA category since we do not belong to either reason (a) or (b).

    Provide us clear information on how to have this application whitelisted from the PUA category.

    Thank you and we are looking forward to having a response as soon as possible.
  • I don't know what your application is and what it does, but you need to realise what "potentially" means.  Anyone who has this feature enabled in Sophos products will also have it configured to either alert only, or allow programs that they want to use.  Bear in mind the classification also says 'potentially unwanted', not 'potentially malicious'.  As an example, Steam may be a great program used by a lot of people (myself included, at home), but I still don't want it on my network.

    Edited to add: Okay, I've just Googled your product, and while it may have some legitimate use, the fact that the first page of results is full of removal instructions isn't very convincing :smileyindifferent:   However, the point still stands that I would not want this program on my network, so while I appreciate that other people will, in this case 'potentially unwanted' still applies.

  • Agree with the previous poster. Besides, if you want to get things straightened away, why go on the public forum and start to rant? Ever think of using the link on the top right, "contact us"?