2024-04-10 - Help! ReflexBlue contains a Virus!!!
Written by: Rogier Bessem
Don’t panic! You can continue to breathe calmly. Although your virus scanner indicates that ReflexBlue contains a virus, this is usually not the case. Read in this blog why the virus scanner wrongly warns you.
Why does your virus scanner indicate that ReflexBlue contains a virus?
Computer viruses are, to say the least, very annoying and can even be dangerous. Computer virus creators generally have malicious goals. They try to steal information from you or hold your computer hostage.
Because a lot of money can be made from this, these virus makers spend a lot of time making the virus invisible to the virus scanner that you have on your computer.
This is a major challenge for the makers of the virus scanner. They must ensure that their virus scanner inspects files in such a way that they still recognize that the file contains a virus. They use many different methods of inspection for this. A number of them are very specific and can say with certainty that a particular virus has been recognized. Other ways are much less concrete. These only indicate a probability that something is a virus. The virus scanners must also ensure that they can recognize viruses that have never been detected before. All in all, quite a challenge.
This challenge is so great that virus scanners can also make errors in their analysis. A virus scanner can sometimes indicate that a file is safe when in reality it is not safe at all. We call this a ‘false negative’. On the other hand, a virus scanner can also indicate that a file is unsafe even though there is nothing wrong with the file. We call this a ‘false positive’.
It is important for the makers of a virus scanner to limit the number of ‘false-negative’ and ‘false-positive’ results. Too many ‘false-positive’ reports will make you experience your virus scanner as an annoying system. Maybe even so annoying that you turn off the scanner. Too many ‘false negative’ results and you lose confidence in your virus scanner because it has not detected viruses.
The virus scanner must therefore work in such a way that it finds a good compromise between the number of ‘false-negatives’ and ‘false-positives’. The maker of the virus scanner usually chooses to allow more false positives if that reduces the number of false negatives.
Because virus scanners always have to make such a compromise, ReflexBlue may be classified as a virus when it actually is not.
What you can do with such a message from your virus scanner
If a virus scanner finds that a file is infected with a virus, the virus scanner usually deletes this file immediately. Some scanners move the file to a quarantine location, others delete the file completely.
Report a false positive to the manufacturer of the virus scanner
The virus scanner records a lot of information about the infected file. You can find this information in the virus scanner and you can also indicate there that you think it is a ‘false-positive’ identification. As soon as you do that, the data from this file will be sent to the manufacturer of the virus scanner. The manufacturer will investigate this data further to determine whether it is a real virus. If the file does not contain a virus, they adjust the virus scanner so that it marks the file as safe. This process usually takes several days.
Use another virus scanner online to analyze the file again
There are a number of free virus scanners on the internet to which you can upload files. If these scanners find the file safe, you can reasonably assume that the file is safe.
Exclude the file from analysis
After you have convinced yourself via the online virus scanners that it is a ‘false-positive’ message, you can exclude the file from analysis in the virus scanner. This prevents the scanner from deleting the file. This way you can continue to use ReflexBlue while you wait for a new release of the virus scanner.
If the virus scanner has deleted files that are causing ReflexBlue to no longer work on your PC, you can reinstall ReflexBlue on your machine in the usual way. Because you previously indicated in the virus scanner that the file should be excluded from analysis, you will be able to use ReflexBlue again after reinstallation.
Contact the ReflexSystems helpdesk
If you or your system administrator are unable to determine whether the virus report is justified, please contact our helpdesk. You can of course also contact us if reinstalling ReflexBlue does not work.
Why ReflexSystems cannot always prevent you from receiving this message
There are many different virus scanners. Each virus scanner has its own way of determining whether a file is safe or not. In fact, the way it determines whether the file is safe or not is kept secret. Otherwise, it would be very easy for virus makers to get around the scanner.
This means that it is not possible for ReflexSystems to guarantee that our products are always fully trusted by the virus scanners.
What is ReflexSystems doing to prevent these types of notifications?
All our programs are digitally signed with a code-signing certificate. This ensures that a malicious party cannot simply make adjustments to our products.
The certificate also ensures that virus scanner manufacturers recognize our products as coming from ReflexSystems. In this way we are building an increasingly better reputation with these producers. A good reputation ensures that we are less likely to be seen as a potential threat.
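Because the programs are signed, you or your system administrator can check the signature of a flagged file on Windows before excluding it from analysis. The PowerShell below is an added example, not code from ReflexSystems; the file path and the publisher name are placeholders (the page does not state the certificate's subject name), and the function name is hypothetical.

```powershell
# Added example: inspect the Authenticode signature of a file that the virus
# scanner flagged, before adding an exclusion for it.
function Test-FlaggedFileSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher   # name as given by the vendor
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (it may already be quarantined or deleted): $Path"
    }

    # Status is 'Valid' only if the file is unmodified since signing and the
    # certificate chains to a root this machine trusts.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    # SHA-256 of the file, usable for a hash lookup at an online scanner.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $signer = $null
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    $valid            = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid
    $publisherMatches = $signer -eq $ExpectedPublisher

    [pscustomobject]@{
        Path            = $Path
        Status          = $sig.Status            # e.g. Valid, NotSigned, HashMismatch
        Signer          = $signer
        Thumbprint      = $sig.SignerCertificate.Thumbprint
        Timestamped     = [bool]$sig.TimeStamperCertificate
        SHA256          = $hash
        SignatureChecks = $valid -and $publisherMatches
    }
}

# Placeholders: replace with the real install path and the vendor's publisher name.
$result = Test-FlaggedFileSignature -Path 'C:\Path\To\ReflexBlue.exe' `
                                    -ExpectedPublisher 'PUBLISHER-NAME-PLACEHOLDER'
$result | Format-List
if (-not $result.SignatureChecks) {
    Write-Warning 'Signature is missing, invalid, or from another publisher: do not exclude this file.'
}
```

A status of HashMismatch or NotSigned means the file on disk is not the one the publisher signed, and the report should then be treated as genuine rather than as a false positive.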
This reputation building is quite slow. Our software must be used sufficiently often before its reputation is high enough. The benchmark for this is the use of the software around the world.
Since ReflexBlue has not yet reached that global scale, building its reputation is a long-term process. Yet this is the only way to prevent our products from falling victim to incorrect safety analyses in the future. We therefore continue to publish our products in such a way that we ultimately achieve that high reputation.