Kaspersky removes odrive

epekarik · September 23, 2020, 1:11pm

Kaspersky 20.0.14.1085 (I)

Removed malware PDM:Exploit.Win32.Generic.nblk Application name: C:\Users\ep11424.odrive\bin\6709\odriveapp.exe Application path: c:\users\ep11424.odrive\bin\6709\odriveapp.exe Time: 9/23/2020 8:56 AM
23.09.2020 08.55.53 Terminated malware PDM:Exploit.Win32.Generic.nblk Application name: C:\Users\ep11424.odrive\bin\6709\odriveapp.exe Application path: C:\Users\ep11424.odrive\bin\6709\odriveapp.exe Time: 9/23/2020 8:55 AM
23.09.2020 08.55.53 Detected malware PDM:Exploit.Win32.Generic.nblk Application name: C:\Users\ep11424.odrive\bin\6709\odriveapp.exe Application path: c:\users\ep11424.odrive\bin\6709\odriveapp.exe Time: 9/23/2020 8:55 AM
23.09.2020 08.55.53 Blocked malware PDM:Exploit.Win32.Generic Application name: C:\Users\ep11424.odrive\bin\6709\odriveapp.exe Application path: c:\users\ep11424.odrive\bin\6709\odriveapp.exe Time: 9/23/2020 8:55 AM
23.09.2020 08.55.53 Detected malware PDM:Exploit.Win32.Generic Application name: C:\Users\ep11424.odrive\bin\6709\odriveapp.exe Application path: c:\users\ep11424.odrive\bin\6709\odriveapp.exe Time: 9/23/2020 8:55 AM
23.09.2020 08.55.37 Update of databases and application modules Completed. Average download speed:: 80.20 KB/s Status:: Completed. Downloaded and updated:: 966.23 KB Total duration: 40 seconds Time: 9/23/2020 8:55 AM

Tony · September 23, 2020, 3:38pm

Hi @epekarik,
Sorry about this.

I am trying to work with Kaspersky to stop these recent false positives. It is pretty strange since it seems to be entirely random. Our most recent version, 6714, does not get flagged by them. 6709 is flagged by them now, but it wasn’t when we released 4 days ago…

Here is the VirusTotal scan for 6714: https://www.virustotal.com/gui/file/1af710cbcdbdccef81d2b1dc1ce2cec1f6c40af239598ae92a649aa21069b6d6/detection

In any case, I can assure you that we do not have a “Exploit.Win32.Generic”, whatever that may be.

Can you try installing our latest version from here? https://www.odrive.com/downloaddesktop?platform=win

epekarik · September 23, 2020, 3:58pm

Tony,

As you requested, I installed 6714. So far it didn’t trigger Karpersky
thank you for your help
Endre

epekarik · September 23, 2020, 7:12pm

Sorry just got the message that Kaspersky removed 6714

Tony · September 23, 2020, 8:47pm

Hi @epekarik,
Thanks for informing me. Here is what Kaspersky is asking for for further troubleshooting on this. When you get a chance, do you think would be able to provide this information?

Specify the OS and Kaspersky product version where the detection is present

Send the screenshots showing both the filename and the verdict.

Send the trace log of the product. Here are the instructions for how to obtain trace logs How to get traces for Kaspersky products

Hopefully we can get this lifted ASAP.

Tony · September 25, 2020, 10:24pm

Hi @epekarik,
Just let me know if you’ll be able to send me the info above. I am attempting to get enrolled in their white-list program, as well.

epekarik · September 29, 2020, 1:15pm

Tony,
MS Win 10 Pro 10.0.18363 Build 18363
Kaspersky 20.0.14.1085 (I)

Attached screenshots

URL warning during download
kaspersky cleanup

where do I send the kaspersky trace files?

Tony · September 29, 2020, 3:49pm

Thanks @epekarik!

You can send the trace to me privately. Just click on my name and then click on “Message”

epekarik · September 29, 2020, 4:16pm

Tony,
the log file is zipped, still 132M upload rejects it due to size any other idea how to send it to you?

Tony · September 29, 2020, 4:29pm

Hi @epekarik,
Wow, I didn’t expect the traces to be that large. Can you upload using the odrive webclient and then create a shared link to it?

Sorry for the hassle.

epekarik · September 30, 2020, 7:34am

Tony, did you get the log? Is it usable?

Tony · September 30, 2020, 1:54pm

Hi @epekarik,
My apologies. I didn’t see you message yesterday. I followed-up in the direct message. Can you take a look when you get a chance?