I have been using Angry IP Scanner for a long time and probably use it at least once a week. It’s an awesome, easy to use freeware utility. But as of today, Symantec thinks it is a threat to my system, and has quarantined all instances of ipscan.exe. I need to investigate if this is true, or if this is just a false positive.
From the Symantec listing:
Hacktool.Angry is a tool for scanning ranges of IP addresses to find computers. It is also a port scanner that can be used to probe ports on computers.
Update 1: Found some chatter on the official Angry IP forums at SourceForge. But no official word from the software company or Symantec.
Update 2: Andy has posted a link in the comments to a Symantec page for reporting false positives. So if your here because you’re experiencing this issue, please fill out the form and let’s hope Symantec does the right thing.
hmmm – thats the third or fourth screwup in less than 4 weeks – first chinese windows, then autoit scripts, then this
I’m seeing this too, as of June 19, 2007.
Me too.
As engineer, its great at finding out what server is on what IP.
Every time i claw it back from Quarantine, about 5-10 mins Symantec puts it back! Grrrrrrrrrrrrrrrrrr!
I’m glad I’m not the only one. It won’t even let me download a new copy.
Another reason why tech’s need to have control over av definitions and quarantine policies!
You can request the software gets removed at https://submit.symantec.com/false_positive/index.html
I’ve just done it as I’ve unquarantined this file 3 times now and it’s getting on my nerves.
Mine’s being blocked as well on my work PC. I can still get it to run though by putting it elsewhere on a shared drive and then running it by a shortcut on my desktop.
Also noticed that Symantec claims it “arrives as an executable file that must be manually installed on the computer.” Not true, there is not install it’s a regular 32-bit executable.
Thanks for that link Andy. Let’s hope it does some good!
If you are in a centrally managed environment, chances are that, you will not be able to exclude folders, however, I was just trying the various options in the SAV and seem to have found one option to exclude files, Users can exclude Security Risks by doing:
Open SAV
Click Configure
Click Actions
Select Security Risks
Select Exceptions
Click ADD.
I am not sure if a novice user would get to do this, however, could this be exploited by malware applications?
Regards,
Prasanna
Even not AVs are flawless… best way to protect your files is to take them off your computer to a safe mobile / backup storage, with no overwritting allowed (Still, magnet fields among others can destroy it! So, have two or three to trick out…). Keep the low-information-diet. Give hackers some treats but not the right ones ;-)Way back in hi-ranked IT school and factory they would say… hum… unplug it! Go to the beach, go to the mountains, take a walk and enjoy life!
Cheers!
Lou