Four Js technical forum - GDC 3.20.22 Flagged as a virus

Subscribe for automatic updates: RSS

Help

Four Js Development Tools Forum > Discussions by product > GDC > GDC 3.20.22 Flagged as a virus

Most recent posts

Pages: [1]

« previous next »

Reply | Print

Author

Topic: GDC 3.20.22 Flagged as a virus (Read 9804 times)

Chris C.

Posts: 3

GDC 3.20.22 Flagged as a virus

« on: August 08, 2022, 04:43:22 pm »

Hello folks,

We just got this notice from Viper antivirus concerning the Four J�s client updater (fjsupdate) being blocked. Vipre thinks it is a known bad file.
I'd like to get some clarity here, is this an actual problem or a known false positive.

<?xml version="1.0" encoding="UTF-16"?>
<APEvent SchemaVersion="4.0.0"
DefaultConfig="false"
EventTypeEnum="2"
TimeoutInSeconds="0"
MonitorID="2003"
MsgID="{AF436CEC-0A30-47B6-B347-E3A6B5C23357}"
MonitorTypeEnum="2"
RecommendScan="true"
SDKVersion="12.3.0.20"
ThreatDefVersion="103302 - 7.92534"
APEventID="{A84C91CF-4F15-4DEC-9DCF-1C6F3DC1D3F9}"
IsAllowOk="true"
IsAllowAlwaysOk="true"
IsBlockOk="true"
IsBlockAlwaysOk="true"
IsQuarantineOk="true"
EventActorEnum="2"
EventDateTime="2022-08-07T21:06:39"
TransactionID=""
RemoteClientAddress="">
<ParentProcess FilePath="C:\Program Files\HP\Sure Click\servers\BemSvc.exe"
PID="2952"
FileSize="4318056"
MD5=""
CRC8="0000000000000000"
CobraPackHash="0000000000000000"
KnownAsEnum="0"
ThreatID="0"
ThreatName=""
ThreatLevel="0"
CategoryID="0"
CategoryName=""
AddedToUserKnown="false"
Company="HP"
FileVersion="4.3.11.45"
ProductName="HP Sure Click"
ProductVersion="4.3.11.45"
Description="HP Sure Click Endpoint Service"
Copyright="Copyright (c) 2011 - 2022, HP"/>
<FileMonitor FilePath="C:\Windows\Temp\tmp0000247d\tmp000073ec"
MD5="e1021d68b37a8fd3544f6b5e86418a86"
CRC8="0000000000000000"
CobraPackHash="0000000000000000"
KnownAsEnum="2"
ThreatID="20000001"
ThreatName="Gen:Variant.Tedy.182005"
ThreatLevel="1"
CategoryID="34"
CategoryName="Virus.Generic"
Company="Four Js Development Tools"
FileVersion="3.20.22-202205131619"
ProductName="fjsupdater"
ProductVersion="3.20.22-202205131619"
Description="fjsupdater"
Copyright="(c) Copyright 2002, 2022 Four Js Development Tools Europe Ltd."/>
<FinalDispositionInfo DispositionEnum="2"
AuthorityEnum="2"
QuarantineStatusCode="1"
QID=""
UserName=\\NT AUTHORITY\SYSTEM (file://NT%20AUTHORITY/SYSTEM)
ErrorEnum="0"/>
</APEvent>

Sisavanh S.

Posts: 80

Re: GDC 3.20.22 Flagged as a virus

« Reply #1 on: August 12, 2022, 02:02:27 pm »

Hi,

Thanks for reporting, we are investigating.

Best regards,
Sisa.

Sisavanh S.

Posts: 80

Re: GDC 3.20.22 Flagged as a virus

« Reply #2 on: August 23, 2022, 12:58:46 pm »

Hi,

After investigation, that is probably a false positive.
We have tested fjsupdater.exe on this web site https://www.virustotal.com/.
Where Vipre is also listed.
And it has not reported any threat.

As "fjsupdater" download files for the update, maybe one of the downloaded file is suspicious.
I wonder what this file is:
"C:\Windows\Temp\tmp0000247d\tmp000073ec"

I've filed a ticket to Wipre support: number 327732.
They are willing to help and check if that is a false positive but unfortunately I cannot replicate your issue.
If you can contact them and provided them with the required information that would be great.

Thanks in advance for your help.
Best regards,
Sisa.

Best regards,
Sisa.

Pages: [1]

Reply | Print

« previous next »