Kaspersky antivirus detects FBackup as infected - False positive


Post by Softland » Fri Apr 16, 2010 4:13 pm

Problem: Kaspersky antivirus detected FBackup as infected and deleted the exe file. That is a false positive and we have already contacted Kaspersky to fix that problem. In the meantime, we offer two solutions below.


Description: Example of Kaspersky log:

```
Proactive Defense
-----------------
Events monitored: 4
Registry calls: 0
Blocked: 4
Start time: 4/15/2010 11:19:05 AM
Duration: 04:39:26

Detected
--------
Status Object
------ ------

Events
------
Time Name Events
---- ---- ------
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Process is trying to inject into another process. This behavior is typical of some malicious programs (Invader)
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP "Quarantine" action is selected
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Forced to terminate the process.
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Error moving to Quarantine.
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Process is trying to inject into another process. This behavior is typical of some malicious programs (Invader)
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE "Quarantine" action is selected
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Forced to terminate the process.
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Error moving to Quarantine.

Registry
--------
Time Application Key name Value name Data Data type Operation type Status
---- ----------- -------- ---------- ---- --------- -------------- ------

Settings
--------
Parameter Value
--------- -----
Application Activity Analyzer on
Registry Guard off
```


Solution:



  1. In the Kaspersky report page, right-click the suspicious file (FBackup.exe) and select "Add to trusted zone".

  or

  2. Open Kaspersky, click MySecurityZone - Applications (on the right).

    Select All in the dropdown list and scroll down to the bottom.

    Locate any applications related to FBackup, right-click them, click "change status" and select Trusted.

    Run FBackup again.


