FYI: Avira detects "Shutdown Windows' servers" by special signature for this tool

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!


Avira's AntiVir does not detect "Shutdown Windows' servers" as malware
because of generic detection algorithms.

It detects "Shutdown Windows' servers" because of a special signature
for this tool.

We did a small testing to proof that: I created a small test program:

This program contains a copy of the code of "Shutdown Windows' servers",
which shutdowns one single service, Universal PnP. If AntiVir detects
with generic signatures, it has to detect this, too.

Then Markus Steinborn testet, if AntiVir realliy detects this. It does not:

Now it's clear, that Avira created a special signature for "Shutdown
Windows' servers", and that they're not detecting "by accident" or
something like that.

It's not necessary to whitelist for Avira, they just have to stop
blacklisting my tool.

Ich würde schätzen, dass ca. 87% aller spontanen Schätzungen völlig für
den Arsch sind.

    Ralph Angenendt in

Site Timeline