Hi,

One of my favourite programs is HostsMan, having just updated it to the new release HostMan 2.01 Antivir is going bananas and keeps badgering me to deny acces to or delete a pargticular file in HostsMan called hm.exe. It is a reputable program and has built up a good name for being so, proud of it's status of containing no spyware or viruses. Therefore, I was convinced this must be a false positive within Antivir. To check it out further I subjected to file with Jotti's online scanner and the report is as follows:

Hi happyshiner,

how did you configured your Heuristic settings?

Send this file as an attachment to heuristik@antivir.de. This should be packed with WinZip or WinRar etc. Don't forget to give this attachment a password and tell it in your email.

HappyShiner,

This clearly looks like a false positive, so you should do as mav suggests above.

In the meantime though, there are a couple of things you can try. If it is the Guard finding this file you could try configuring the settings to reduce or switch off Heuristics. Alternatively, if this program has a process listed as running in Task Manager, you can enter the process in the Guard's 'filter' so that AntiVir will exclude it from realtime scanning.

You can also exclude the relevant file from demand scans with the main program; though in this case it will be the file you exclude and not the running process.

Let us know if the above works and also what H+BEDV have to say when you submit the file to them - they are usually quite quick to remedy this sort of thing.

Hi there and thanks for all the advice

It's not the real time scanner that's the issue by the way, rather the guard. It pops up over and over waring me of the file, but selecting 'allow file' never seemed to make a difference so in the end I had to select 'Deny Access'. In the event Antivir didn't like it and it crashed twice and twice I was left with no other option then to cold boot as everything had froze solid.

I'll try fiddling with the settings as you've suggested and see if that helps, I'll also get that file zipped off to the email you've supplied.

Incidentally my Heuristics were set to medium (although I may switch that to low for the time being).

I'll get back to you on whether that works and whether I'm then able to run HostsMan. Also I'll let you know about the reply to my email

Big Smiles

HS

Good luck HappyShiner!

If I remember correctly, the default setting for the Guard is to have Win32 Heuristics disabled - so you should not feel too bad about switching it off, if you need to do that.

Hi there,


Ahh, I didn't know that, I'll do that right now. FYI I've also zipped the file and sent it off to Antivir

Big Smiles

HS

Hi there,

Wow, you were right about them being quick on the ball. I've got a reply from Stefan already:

I'm relieved that one of my favourite programs isn't bad and is going to get addressed in an AntiVir update.

But now I'm left with a new mystery. Do you think I ought to contact the authors of HostMan and ask them why memory manipulation is needed in the code?

Thanks for the help

Big Smiles

HS

_________________
[img]http://serve.dynasig.net/926.gif[/img]
DynaSig: Free Dynamic Forum Signatures

"Dogs are Running wild in the street...I just can't take it anymore!"

Good to hear H+BEDV are on the ball about this.

Hi there,

I suppose it's more curiosity rather then fear of any problem

But I'm happy now anyway and everything has been resolved as far as I'm concerned

Big Smiles

HS

Hi,

good to hear that this false positive have been fixed so fast.

Thanks Mav,

and today's Antivir update has fixed the issue

Big Smiles

HS