
"CISCO AMP for Endpoints" has detected all recent versions of Paint.Net as a virus.



Hello,
 
The security software "CISCO AMP for Endpoints" has detected all recent versions of Paint.Net as a virus. Not right away, though, but when I saved a couple of images (mostly PNG) in a short time.
 
The reply of our IT department on that problem is:
"Here an AI is used in combination with a sandboxing technique to analyze and evaluate the behavior of an application. Very different things are looked at, and it is then not only the rapid saving of files that leads to the block. Rather, Paint.Net apparently does a few things in its overall behavior that cause the AI to treat it as, so to speak, already suspect. If an action such as the rapid saving of files is then added, that is more or less the last straw, and Paint.Net is moved into quarantine because it is suddenly classified as threatening in its entirety."


My (free) translation into English:
"A combination of AI and sandboxing is used to analyse and evaluate the behaviour of the application. Very different things are considered and it's not only the fast saving of files that leads to a blocking. Paint.Net in its overall behaviour seems to do some things that lead to a classification of the application as a risk, and the fast saving just seems to be the missing piece that eventually triggers the AI and the application is put into quarantine because it is then classified as a threat."
 
You might want to send your application to CISCO and ask for support on how to secure it against a false detection as a virus.
 
Best regards
Tobias
 


Maybe CISCO should stop detecting Paint.NET as a virus. It's their false positive, they can fix it.

 

In general I recommend not using any AV other than Defender. Everything else is a racket.

  • Upvote 2

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html


  • 2 months later...
On 8/10/2021 at 7:04 AM, Rick Brewster said:

Maybe CISCO should stop detecting Paint.NET as a virus. It's their false positive, they can fix it.

 

In general I recommend not using any AV other than Defender. Everything else is a racket.

Yes, it's their fault. But unless someone complains, they don't care or don't even know about it.

I cannot complain, because I don't have control over the AV software. And our IT department just tells us "use Gimp instead". So I am stuck until the developers of paint.net themselves take action and modify their software or ask Cisco to modify their search engine.
 


And how exactly would I modify the software to escape their false detections ... ? 🤷🏼‍♂️ Maybe I do find one thing to change, it passes, then the next month they flag it again anyway. There isn't exactly communication from them detailing what the problem is, it would just be complete guesswork. They have to fix their detection, otherwise it just runs me around in circles doing nothing productive. It's just a big waste of time unfortunately.

  • Like 1


Also, @TKnauss, you might look to see if you can use the "portable" version of the app, which does not require installation. Downloads are at https://github.com/paintdotnet/release/releases
