Talpiot Apr 21, 2016 @ 11:47pm
Antivirus False Positive or Not
att: to whom it may concern @ Valve Corp.

Regarding: Steam Client detected as PUP / Malware with FortiNet UTM / FortiClient

Noticed today looking through FortiNet UTM Enterprise logs an entry regarding SteamClient being detected as PUP. To double check I dropped the SteamClient in a sandbox with FortiClient. Here are the log entries.

Sandbox with FortiClient
time: 04/21/16 23:49:35, virus found: Adware/BrowserFox, action: Failed to quarantine, \??\C:\Users\WhiteBeach\Downloads\SteamSetup.exe

FileName: SteamService.exe
Original Location: C:\Program Files (x86)\Steam\bin
Quarantined: 2016/04/21 15:24:46
Submitted: Submitted
Status: Quarantined
Virus Name: Adware/BrowserFox
Quarantined By: Realtime Protection

Please advise and look into this most likely false positive.
If no appropriate action is taken in the near future your ip reputation will plummet and most likely also get IPS signature tagged.

Good luck

Showing 1-3 of 3 comments
Originally posted by Talpiot:
Please advise and look into this most likely false positive.
If no appropriate action is taken in the near future your ip reputation will plummet and most likely also get IPS signature tagged.

Good luck
It rather speaks about Fortinet when they keep false positives.
 KARR™ Apr 22, 2016 @ 11:47am 
There was a post a few days ago about the client being placed into a multi-application checker. 3 out of 60 marked it as a virus. Either the 57 well known checkers are actually total rubbish and fail to check things properly and miss things - OR - the others are seeing things that aren't there!

The End Apr 22, 2016 @ 12:01pm 
Originally posted by Talpiot:
most likely false positive.
If no appropriate action is taken in the near future your ip reputation will plummet and most likely also get IPS signature tagged.
Good luck

You ask/demand Valve to fix an error that your AV is making?

It's your AV that is at fault, contact them to fix it, Valve has no way to fix errors of this kind.

Originally posted by Talpiot:
FileName: SteamService.exe
Original Location: C:\Program Files (x86)\Steam\bin
Quarantined: 2016/04/21 15:24:46
Submitted: Submitted
Status: Quarantined
Virus Name: Adware/BrowserFox
Quarantined By: Realtime Protection

I've just scanned my steamservice.exe
https://www.virustotal.com/en/file/b1a70a30787080474e901e4743996eee4fcd09bedbba89ce57acae05a67907ab/analysis/1461326924/

All came up clean, even Fortinet. Could it be your "license" or Fortinet that needs to be updated?

Edit:
https://www.virustotal.com/en/file/1937aca071ddea5fe52011672dbcc8bb1bd0f7be68cf383db5f3818274475780/analysis/
I've reported it to Fortinet, McAfee and Cyren, let's see if they remove it or continue to look daft.

Edit2:
Got a really fast answer from Fortinet.
Hi,

We have discussed the issue you have raised and have noted a False Positive detection on a file named SteamSetup.exe with md5: 29a81479aa8f1b8e0bda041db07b97bc. We sincerely regret any inconvenience this might have caused you. We have pushed an update AV DB 34.145 to solve this issue. Please rest assured that we take pride in the quality of our service and product, and rare instances like this occur due to complexity of file structures.

If you have any further concern, please do send us a mail and we will immediately assist you.

Best Regards,

AV Lab

Edit3:

https://www.virustotal.com/en/file/1937aca071ddea5fe52011672dbcc8bb1bd0f7be68cf383db5f3818274475780/analysis/1461396295/

Cyren and Fortinet have fixed the problem, but McAfee seems to not care. Anyway, 2 out of 3 ain't that bad :)
Last edited by The End; Apr 23, 2016 @ 7:27am

Date Posted: Apr 21, 2016 @ 11:47pm
Posts: 3