Some users who download programs a lot have trouble with false positive detections--especially the suspicious origin detection. This detection is designed to identify files that are not properly registered with the Windows operating system (OS), which will detect many malware files. Unfortunately, many "good" program files are not registered properly also--especially installers and dll files. Clam Sentinel tries to allow for this by requiring an extra detection before it will quarantine files in certain folders. Despite this, however, false positives will still happen.
I strongly suggest that you read the information in the Clam Sentinel Simple Guide about false positives. The Simple Guide explains the difference between Clam Sentinel "suspicious" detections and ClamWin "infected" detections and suggests how to handle each. If you are still bothered by false positives, I suggest that you whitelist each falsely-detected file like: folder/subfolder/filename.extension in Clam Sentinel's advanced settings, paths or files not scanned. You could whitelist like: .msi to exclude all msi installers, or folder/.msi to exclude msi installers in a certain folder, but that is dangerous and not recommended. It is best to whitelist the entire location and the filename and extension.
Perhaps in the future Andrea Russo will be able to further minimize false positive detections, but this is the best advice we can give at present. Remember that Clam Sentinel is still working for you even when it detects false positives.
Thank you for using Clam Sentinel and ClamWin.
Regards,
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
There was an error in my previous whitelisting instructions. It should
have read: You could whitelist like: .msi to exclude all msi installers,
or folder/.msi to exclude msi installers in a certain folder, but that is
dangerous and not recommended. It is best to whitelist the entire location
and the filename and extension.
Some users who download programs a lot have trouble with false positive
detections--especially the suspicious origin detection. This detection is
designed to identify files that are not properly registered with the
Windows operating system (OS), which will detect many malware files.
Unfortunately, many "good" program files are not registered properly
also--especially installers and dll files. Clam Sentinel tries to allow for
this by requiring an extra detection before it will quarantine files in
certain folders. Despite this, however, false positives will still happen.
I strongly suggest that you read the information in the Clam Sentinel
Simple Guide about false positives. The Simple Guide explains the
difference between Clam Sentinel "suspicious" detections and ClamWin
"infected" detections and suggests how to handle each. If you are still
bothered by false positives, I suggest that you whitelist each
falsely-detected file like: folder/subfolder/filename.extension in Clam
Sentinel's advanced settings, paths or files not scanned. You could
whitelist like: .msi to exclude all msi installers, or folder/.msi to
exclude msi installers in a certain folder, but that is dangerous and not
recommended. It is best to whitelist the entire location and the filename
and extension.
Perhaps in the future Andrea Russo will be able to further minimize false
positive detections, but this is the best advice we can give at present.
Remember that Clam Sentinel is still working for you even when it detects
false positives.
Some users who download programs a lot have trouble with false positive detections--especially the suspicious origin detection. This detection is designed to identify files that are not properly registered with the Windows operating system (OS), which will detect many malware files. Unfortunately, many "good" program files are not registered properly also--especially installers and dll files. Clam Sentinel tries to allow for this by requiring an extra detection before it will quarantine files in certain folders. Despite this, however, false positives will still happen.
I strongly suggest that you read the information in the Clam Sentinel Simple Guide about false positives. The Simple Guide explains the difference between Clam Sentinel "suspicious" detections and ClamWin "infected" detections and suggests how to handle each. If you are still bothered by false positives, I suggest that you whitelist each falsely-detected file like: folder/subfolder/filename.extension in Clam Sentinel's advanced settings, paths or files not scanned. You could whitelist like: .msi to exclude all msi installers, or folder/.msi to exclude msi installers in a certain folder, but that is dangerous and not recommended. It is best to whitelist the entire location and the filename and extension.
Perhaps in the future Andrea Russo will be able to further minimize false positive detections, but this is the best advice we can give at present. Remember that Clam Sentinel is still working for you even when it detects false positives.
Thank you for using Clam Sentinel and ClamWin.
Regards,
There was an error in my previous whitelisting instructions. It should
have read: You could whitelist like: .msi to exclude all msi installers,
or folder/.msi to exclude msi installers in a certain folder, but that is
dangerous and not recommended. It is best to whitelist the entire location
and the filename and extension.
Regards,
On Sat, Apr 19, 2014 at 3:37 PM, Robert Scroggins
sentinelguy@users.sf.netwrote: