Which tools are being flagged by Anti-Virus?

Post by .ronin » Fri Apr 02, 2010 1:34 am

I am trying to create an "Anti-Virus Friendly" option for the next version of Katana. I know that some of the tools in Katana v1.5 get detected by anti-virus as "hacker tools". If you have experienced issues with anti-virus, please post the following:

1) What Anti-Virus was used (name & version number)?
2) Which files were flagged (file name & what it was labeled as)?
Slay your enemies, Protect your home!

Re: Which tools are being flagged by Anti-Virus?

Post by LoveSquid » Sun May 16, 2010 7:27 pm

First: Great job, nice collection of tools. I had created one similar that I have been using for about the last year, but yours is more complete and better put together. A very nice replacement for my indispensable flash drive tools.

Now to the issue at hand. To save myself having to type too much, I have removed the prefixes from Win32 to the left of the detection name and capitalization. (Unwntd.Win32.<whatever>):
Using Comodo v4.0
Angry IP: nettool.potscan
IEPassView: pswtool.netpass
MessenPass: pswtool.messen
MozCookieView: unclassified
MozNistView: risktool.mozillahistory
NetCat: remoteadmin.netcat
PasswordRecovery: unclassified
Ophcrack: unclassified
PasswordFox: pswtool.agent
ProduKey: toolprodkey

At this point I stopped Comodo from scanning the directory, but there were several more that were flagged. I'll post the rest when I get around to it.

Keep up the good work!

Re: Which tools are being flagged by Anti-Virus?

Post by edsmiley » Thu May 20, 2010 11:13 pm

Agreed, great work. I was at your presentation during SANS 560.

Here is what triggered for me:

1) Microsoft Security Essentials - 1.83.115.0

2)
Angry IP: nettool.potscan
IEPassView: pswtool.netpass
MessenPass: pswtool.messen
Hackview: Win32/PassView

All Medium Alerts: This program has potentially unwanted behavior (heh!)