Virus Total Scan flagged "GlassWire Control Service"


#1

Today I upgraded to v 2.1.152. On the alerts tab I see that Virus Total flagged GlassWire Control Service. Why?

When I click on the " i " it opens a web page showing:
VBA32 TScope.Malware-Cryptor.SB

This site wont let me upload more than one image, sorry.


#2

It appears to be a false positive. This means that a scanner reports that it has found what might be a threat but the threat is unable to be confirmed because it probably never existed.

FYI, a link to the actual report is the best way to report this. It’s easy for the GlassWire team and other users like me to see the report:
https://www.virustotal.com/#/file/8fb6c5477ea7ea839f081673f51b5e1e624e05c6009b3e5adf0ccef1d676fcc2/detection

What is the evidence that it is a false positive:

  • No other scanner at VirusTotal reported a problem.
  • VBA32 by VirusBlokada is not considered to be a leading antivirus product so its results carry less weight than other products.
  • You will notice under the Community tab there are five Virustotal members saying GWCtlSrv.exe is Safe and none saying that is Unsafe.
  • There are no confirmed malware infections but other users have, like you, become concerned about similar VirusTotal reports, e.g. Help to determine if my system is compromised

You can read the following articles for further info:


https://www.techsupportalert.com/content/what-false-positive-antivirus-detection.htm


#3

@mikemoy

We cover this here: https://www.glasswire.com/faq/

Why is GlassWire flagging itself as malware under the VirusTotal column?
GlassWire itself may occasionally be flagged as malware by VirusTotal as a false positive. If you have any concerns about this please email us, or post in our forum so we can help you.

Please remember VirusTotal is not an antivirus, but it’s a file analysis service.

Thanks for posting this. I already emailed VBA32 on March 4 about this false positive and I have not yet received any response. You can also visit their website and report this under their “support” email to help get it resolved faster.


#4

@Remah, Your forum does not allow new users to post links. Thus the reason why i didn’t.


#5

@mikemoy

Sorry! We use Discourse.org forum software and this is now its settings work. I apologize for no links for new users, I think it’s to prevent spam.