Kaspersky antivirus detects FBackup as infected - False positive

You can ask general questions, share opinions or advices about FBackup
Post Reply
Adrian (Softland)
Posts: 1921
Joined: Thu May 23, 2013 7:57 am

Post by Adrian (Softland) »

Problem: Kaspersky antivirus detected FBackup as infected and deleted the exe file. That is a false positive and we already contacted Kaspersky to fix that problem. In the meantime, we offer two solutions bellow.
Description: Example of Kaspersky log:

`Proactive Defense

-----------------

Events monitored: 4

Registry calls: 0

Blocked: 4

Start time: 4/15/2010 11:19:05 AM

Duration: 04:39:26
Detected

--------

Status Object

------ ------
Events

------

Time Name Events

---- ---- ------

4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Process is trying to inject into another process. This behavior is typical of some malicious programs (Invader)

4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP "Quarantine" action is selected

4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Forced to terminate the process.

4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Error moving to Quarantine.

4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Process is trying to inject into another process. This behavior is typical of some malicious programs (Invader)

4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE "Quarantine" action is selected

4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Forced to terminate the process.

4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Error moving to Quarantine.
Registry

--------

Time Application Key name Value name Data Data type Operation type Status

---- ----------- -------- ---------- ---- --------- -------------- ------
Settings

--------

Parameter Value

--------- -----

Application Activity Analyzer on

Registry Guard off`
Solution:

In the Kaspersky report page, right click the suspicious file (FBackup.exe) and select "Add to trusted zone"
or
Open Kaspersky, click MySecurityZone - Applications (on the right).

Select All in the dropdown list and scroll down to the bottom.

Locate any applications related to FBackup and right-click them and click "change status" and select Trusted.

Run FBackup again.

Do you know you can monitor your backups remotely with Backup4all Monitor? You can read more here: https://www.backup4all.com/backup4all-monitor.html
Top
Post Reply

Return to “General”