Kaspersky
Question

False positive: Dephi Program with TIdHttp will be reported as HEUR:Trojan.Win32.Agent.gen

  • 13 September 2019
  • 9 replies
  • 172 views

Hi,

Today, I use Delphi XE3 to develop a small test program which uses TIdHttp VCL control. After compiling the program, my Kaspersky reports the compiled EXE file as a virus HEUR:Trojan.Win32.Agent.gen .

I make some more tests, and find as long as the program uses TIdHttp VCL control, the compiled EXE will always be reported as a virus.

I belive this should be a false positive report. Has anyone else notice such a problem? And how to solve the problem?

9 replies

Userlevel 7
Badge +5
I use Delphi XE3 to develop a small test program which uses TIdHttp VCL control. After compiling the program, my Kaspersky reports the compiled EXE file as a virus HEUR:Trojan.Win32.Agent.gen .
I make some more tests, and find as long as the program uses TIdHttp VCL control, the compiled EXE will always be reported as a virus. I believe this should be a false positive report. How to solve the problem?

Hello @alanchcw,
Welcome!
Kaspersky VD, False/Positive analysis , upload the file, scan. If you disagree with the scan result, you can send the file or link to the AntiVirus Lab Experts, for further analysis using the Submit for analysis button on the scan result page.


Please note that files submitted for analysis must not exceed 35 MB.

IF file is >35mb, log into your MyKaspersky account, create an Incident request, .zip the file, label False-Positive.zip, upload with as much detail as possible, including operating system name, version, build & KIS version, build, patch(x) x = letter.

Thank you.
Hi,

Thank you. I have just sent the file to your lab. Hope you can fix the problem asap.
Userlevel 7
Badge +5
Thank you. I have just sent the file to your lab. Hope you can fix the problem asap.
Hello @alanchcw,
Thank you for posting back and submitting the issue.
Please let us know what the Lab advise when they present a solution?
Best regards🙏🏽

  • For clarity: It's not "my" lab, nor can I "fix" it.
Like you, I'm a member of the Kaspersky Comunity, (users of) Kaspersky software, all Community Members and Moderators, volunteer their time freely, to help all/other Community members.
There's a small team of Kaspersky employees - all of whom are clearly identifiable, bc, their profile shows "Kaspersky Lab Employee".
The Kaspersky Lab, Technical Support Team, are a totally separate entity.
Hi, @FLOOD ,

Sure. By now, I do not get any responses from Kaspersky yet.
Userlevel 7
Badge +5
Hi, @FLOOD , Sure. By now, I do not get any responses from Kaspersky yet.
Hello @alanchcw,
Thanks for posting back🙏🏽
How did you contact the Lab and what is the INC# request number they provided for your case please?
Please let us know?
Thank you.
Hi, @FLOOD

I use the virusdesk link you offer, then upload the file. There is no INC# request number at all.
Userlevel 7
Badge +5
Hi, @FLOOD I use the virusdesk link you offer, then upload the file. There is no INC# request number at all.
Hello @alanchcw,
Thanks for posting back.
When you uploaded the file, did you also enter your email address?
IF "yes" please check junk mail folder as responses from Kaspersky may be there.
Please let me know?
Thank you🙏🏽
Hi, @FLOOD

I think I input my email but no reply from Kaspersky lab yet. I have checked the spam folder.

How long will it take for them to response?

This is not like a ticket so it is not convenient to check the progress.
Userlevel 7
Badge +5
Hi, @FLOOD I think I input my email but no reply from Kaspersky lab yet. I have checked the spam folder. How long will it take for them to response? This is not like a ticket so it is not convenient to check the progress.
Hello @alanchcw,
Thank you for posting back.
If the email address was not "input" Kaspersky don't "know".
My suggestion, zip the file, label the zip folder Malware-FalsePositive.zip, log into the MyKaspersky.com web portal, create a ticket, use template Malware, False Positive, provide all the detail you've provided here, upload the zip - attach it to the ticket AND, from your KIS application, export the KIS REPORT that shows HEUR:Trojan.Win32.Agent.gen, save the report as a TEXT file and upload that with the ticket.
Best regards

Reply / Ответить