Kaspersky reported PUS:RiskTool.Win32.Deleter.p in 1Password's update file [False positive]

wene37
Community Member
edited June 2015 in 1Password 4 for Windows

Hi guys

I just wanted to download the update to 1Password for Windows 4.5.0.575 from https://cache.agilebits.com/dist/1P/win4/1Password-4.5.0.575.exe. But my antivirus blocked it with the following message:

Content contained "PUS:RiskTool.Win32.Deleter.p" virus. Details: Virus: PUS:RiskTool.Win32.Deleter.p; File: 1Password-4.5.0.575.exe; Sub File: /av.tmp//data1025; Vendor: Kaspersky Labs; Engine version: 8.2.5.17; Pattern version: 150623; Pattern date: 2015/06/23

Can you please re-check your file and confirm that it does not contain any virus?

Thanks,
Thomas



Comments

  • Hi @wene37,

    Thanks for bringing this to our attention. First of all I can tell you that there's no reason to be alarmed; this is a false-positive.
    Unfortunately, Kaspersky falsely detecting the updater file as a 'PUS' (Potentially Unwanted Software) is a common occurrence at this point.

    I've had the file scanned on VirusTotal, a site that lets you analyse a file or URL using all major virus detection engines, and only Kaspersky is reporting it.

    I've reported the false-positive to Kaspersky and I would like to ask you to do the same on this site.

    Cheers!

  • wene37
    Community Member

    Hi @AlexHoffmann
    Thanks for checking this and your message. I've reported this false-positive on the Kaspersky website.
    Best regards,
    Thomas

  • @wene37 - on behalf of Alex, you are very welcome and thanks for reporting the issue to Kaspersky.

  • NoiseGUI
    Community Member

    Just got another Kaspersky alert, and did the Totalscan as mentioned above. 2/54 ratio. Good info to use. Two false positives to report. Fortinet saying Riskware and Kaspersky saying Malware.

    Here is the TotalScan Link.
    https://www.virustotal.com/en/file/a8d35c3076a3cf980c041393a13a735fd845c2b766aaa1a6784a41f949a8e286/analysis/

    Here is the report from HitmanPro regarding Kaspersky saying the update is malware:
    Properties
    Name 1Password-4.6.0.582.exe
    Location C:\Users\dmorgan\AppData\Local\Temp
    Size 10.4 MB
    Time 0.7 days ago (2015-07-15 23:56:03)
    Authenticode Self-signed
    Entropy 8.0
    Product 1Password
    Publisher AgileBits
    Description 1Password Setup
    Version 4.6.0.582
    RSA Key Size 2048
    LanguageID 0
    SHA-256 A8D35C3076A3CF980C041393A13A735FD845C2B766AAA1A6784A41F949A8E286

    Detection Names
    Kaspersky not-a-virus:RiskTool.Win32.Deleter.p

    Scoring (108.0)
    One or more antivirus vendors have indicated that the file is malicious.
    Program is code self-signed.
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Time indicates that the file appeared recently on this computer.

  • Hi @NoiseGUI,

    Thanks, we'll report the false positive to Kaspersky again. If you can, please also report the false report here: http://newvirus.kaspersky.com/

    We're working with them to try to prevent more of these in the future.

This discussion has been closed.