Virus detected on install

[CyJobes]

I recently performed a reinstall of ExamDiff Pro and in the process I received a warning that a virus was detected.

The file name is PESnoop.exe and the virus/malware name is PAK_GENERIC.001.

Info from Trend Micro can be found at
http://www.trendmicro.com/vinfo/virusen ... eneric.001.

Cy

[psguru]

Thanks for reporting this. These things usually go away after their virus definitions are updated. The file (PESnoop.exe) hasn't changed since 2002, and a scan with multiple anti-virus tools at http://virusscan.jotti.org/ shows no threats.

[CyJobes]

I still have a problem.

The IT group would like some sort of assurances that this file is NOT a virus.

We use Trend Micro and it does not like anything that is PESnoop. You can do all the scans you want from web tools, but unlike some tools on the web, our virus protection software is not friendly to these sorts of things. We are a corporation that requires diligent scrutiny of any threat.

We’re getting a lot of flack about this and will possibly be forced to remove this program unless you can prove this is not a threat.

Cy

[psguru]

What else can I add? As I said, the file (PESnoop.exe), which is a third-party tool, hasn't changed since 2002. If your anti-virus didn't detect it as a virus earlier, e.g. in 3.5, why does is detect it now?

[Ivanhoe]

I have same problem. Since last several 1 versions of ExamDiff Pro 14.0 (latest 14.0.1.27) I have suspicious software warnings from our antivirus software Sentinel one. The file PESnoop.exe is deleted as threat.

[psguru]

It's one of the plug-ins ExamDiff Pro uses for comparing executables. You will likely not need it but the PESnoop.exe is certainly not malware. We haven't updated it in the installer since 2010. We'll see if there is an alternative to it.

[psguru]

We decided to remove PESnoop plug-in: it's rarely used, not updated by the author, and causes occasional warnings. This will be done in the next build of 15.0 beta.