
[Updated!] Quickly Email False Positives to AV Vendors


EmilyLove

Yes. As long as the Email doesn't fail to deliver because their mailboxes are full, then it will work. AV Vendors usually have some kind of bot monitoring these emails for attachments. Now, I don't have enough test data to know if it works fully. On the tests I have run, it has definitely cut out like 75% of the work I had to do before writing this script.

Edited by BetaLeaf

  • 2 weeks later...

It was pretty simple once I got it working.  Hopefully the Antivirus Vendors do their jobs now. ;-)

 

I just checked my email and I have many replies from the AV Vendors. They all say that the files are clean. So it looks like it worked well. Thanks! :) This will come in handy for sure.

Edited by Proph

  • 5 weeks later...

Is there a reason this example needs administrator rights?

Why not HKCU instead of HKLM?

Because I didn't know that was the problem. I spent a few hours trying to figure it out but I gave up in the end. I'll fix it. I'll update the OP as well. Thanks.

Edited by BetaLeaf

Ok, I've grabbed this thinking to submit my scripts to stop problems with Avast etc.

I've filled it in and the little GUI has disappeared and all I get is an error about a missing temp folder zip.

Is there not a window where I can add the file to upload?

My files are not infected, just created with AutoIt.


I am not keen on the idea of "spamming" Anti-Virus companies, but I just wanted to point out that versioning executables is bad practice.


I am not keen on the idea of "spamming" Anti-Virus companies, but I just wanted to point out that versioning executables is bad practice.

The intended use for this script is not to spam Anti-Virus Vendors. I also don't understand what you mean about versioning executables. I thought tracking the version of a program helps people keep track of changes. What should I be doing? What do you recommend?

Ok, I've grabbed this thinking to submit my scripts to stop problems with Avast etc.

I've filled it in and the little GUI has disappeared and all I get is an error about a missing temp folder zip.

Is there not a window where I can add the file to upload?

My files are not infected, just created with AutoIt.

The Temp folder is @TempDir & "\" & @MON & "-" & @MDAY & "-" & @YEAR & "-" & @HOUR & "-" & @MIN & "-" & @SEC & "\" where @TempDir is your %localappdata%\Temp. This program works by dragging and dropping the file you want to upload onto the Exe. I made a fork with my first attempt at fixing your issue. You can try it at https://github.com/BetaLeaf/False-Positive-Reporter/tree/Issue-1. If this fix works for you, let me know so I can pull it into the Master Project.

 

 


It might be prudent to allow the user to select their antivirus vendor; usually it is only one or two vendors flagging, not all.

Sending to all could be considered spamming, and might just be wasting their time.


git and other version control systems are intended to be used for versioning non-binary files i.e. source code, because they are easily created via the source code. Not to mention each time you commit a new binary file, say 1MB, that goes towards your GitHub repository quota, which is a finite amount for FREE users. Your best bet is to look at creating incremental releases in which you can upload a compiled version of your script once in a while. Search online for more about using git and GitHub properly.

Edited by guinness


It might be prudent to allow the user to select their antivirus vendor; usually it is only one or two vendors flagging, not all.

Sending to all could be considered spamming, and might just be wasting their time.

I understand now, sorry. Yeah, I made this script to save my time manually submitting them. As long as you aren't sending an excessive amount of emails in one day, you should be fine. In my experience, bots watch the email boxes, not humans. In this case, the only time I would waste is my own by not using this script.

 

It should also be noted you can reconfigure the Emailer with Config FPR.exe and change the emails it mails to if it's always certain vendors causing problems. I just left the default to use all of them but the user can select which vendor they want to email. 

Edited by BetaLeaf
Added clarification

 

 


git and other version control systems are intended to be used for versioning non-binary files i.e. source code, because they are easily created via the source code. Not to mention each time you commit a new binary file, say 1MB, that goes towards your GitHub repository quota, which is a finite amount for FREE users. Your best bet is to look at creating incremental releases in which you can upload a compiled version of your script once in a while. Search online for more about using git and GitHub properly.

Ok I understand. Thank you for your advice.

 

 
