TKnauss Posted August 10, 2021 Share Posted August 10, 2021 Hello, the Security Software "CISCO AMP for Endpoints" has detected all recent versions of Paint.Net as virus. But not right away, but when I saved a couple of images (mostly PNG) in a short time. The reply of our IT department on that problem is:"Hier wird eine KI in Kombination mit einem Sandboxing-Verfahren genutzt um das Verhalten einer Anwendung zu analysieren und zu bewerten. Hierbei werden sehr unterschiedliche Dinge betrachtet und es ist dann nicht nur das schnelle Speichern von Dateien die dann zur Sperrung führen. Vielmehr ist es so, dass Paint.Net wohl in seinem Gesamtverhalten ein paar Dinge tut, die die KI dazu veranlassen dass es sozusagen vorbelastet ist. Kommt dann noch eine Aktion wie zum Beispiel das schnelle Abspeichern von Dateien hinzu, bringt das quasi das Fass zum Überlaufen und Paint.Net wird in die Quarantäne geschoben weil es plötzlich in seiner Gesamtheit als bedrohlich eingestuft wird." My (free) translation into English:"A combination of KI and Sandboxing is used to analyse and evaluate the behaviour of the application. Very different things are considered and it's not only the fast saving of files that lead to a blocking. Paint.Net in its overall behaviour seems to do some things that lead to a classification of the application as risk, and the fast saving just seems to be the missing piece that eventually triggers the KI and the application is put into quarantine because it is then classified as a threat." You might want to send your application to CISCO and ask for support on how to secure it against a false detection as virus. Best regardsTobias Quote Link to comment Share on other sites More sharing options...
Rick Brewster Posted August 10, 2021 Share Posted August 10, 2021 Maybe CISCO should stop detecting Paint.NET as a virus. It's their false positive, they can fix it. In general I recommend not using any AV other than Defender. Everything else is a racket. 2 Quote The Paint.NET Blog: https://blog.getpaint.net/ Donations are always appreciated! https://www.getpaint.net/donate.html Link to comment Share on other sites More sharing options...
TKnauss Posted November 1, 2021 Author Share Posted November 1, 2021 On 8/10/2021 at 7:04 AM, Rick Brewster said: Maybe CISCO should stop detecting Paint.NET as a virus. It's their false positive, they can fix it. In general I recommend not using any AV other than Defender. Everything else is a racket. Yes, it's their fault. But unless someone complains, they don't care or don't even know about it.I cannot complain, because I don't have control over the AV software. And our IT department just tells us "use Gimp instead". So I am stuck, until the developers of paint.net theirselves take action and modify their software or ask Cisco to modify their search engine. Quote Link to comment Share on other sites More sharing options...
Rick Brewster Posted November 1, 2021 Share Posted November 1, 2021 And how exactly would I modify the software to escape their false detections ... ? 🤷🏼♂️ Maybe I do find one thing to change, it passes, then the next month they flag it again anyway. There isn't exactly communication from them detailing what the problem is, it would just be complete guesswork. They have to fix their detection, otherwise it just runs me around in circles doing nothing productive. It's just a big waste of time unfortunately. 1 Quote The Paint.NET Blog: https://blog.getpaint.net/ Donations are always appreciated! https://www.getpaint.net/donate.html Link to comment Share on other sites More sharing options...
Rick Brewster Posted November 1, 2021 Share Posted November 1, 2021 Also, @TKnauss, you might look to see if you can use the "portable" version of the app, which does not require installation. Downloads are at https://github.com/paintdotnet/release/releases Quote The Paint.NET Blog: https://blog.getpaint.net/ Donations are always appreciated! https://www.getpaint.net/donate.html Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.