MozillaZine

What is the problem with Mozilla and Cylance?

Discuss various technical topics not related to Mozilla.
candylovergirl

User avatar
 
Posts: 11
Joined: July 31st, 2019, 1:59 am
Location: Mexico City

Post Posted August 18th, 2019, 11:58 am

Hello,

I would like to know why Cylance Antivirus always detects FireFox as Unsafe @ Virus Total?

Is not aware Mozilla Foundation and its contributors Mozilla Corporation about this issue?

Firefox Win 68.0.1 Cylance Unsafe
https://www.virustotal.com/gui/file/880 ... /detection

Firefox Win 68.0.2 Cylance Unsafe
https://www.virustotal.com/gui/file/b73 ... /detection

I know the reputation of Cylance as Antivirus is not as good as others
I know it is a warning
I know it is a FP
I know I can report it
Cylance
https://home-support.cylance.com/hc/en- ... al-Inquiry

Thanks
Camelia

Brummelchen
 
Posts: 4616
Joined: March 19th, 2005, 10:51 am

Post Posted August 18th, 2019, 12:00 pm

who cares about such very unknown crap as "cylance"?
did that answer your issue?

btw if you had loaded from here you can be sure that all is clean and secure:
https://www.mozilla.org/en-US/firefox/all/

any other - your bad.
Last edited by Brummelchen on August 18th, 2019, 12:01 pm, edited 1 time in total.

candylovergirl

User avatar
 
Posts: 11
Joined: July 31st, 2019, 1:59 am
Location: Mexico City

Post Posted August 18th, 2019, 12:01 pm

Brummelchen wrote:who cares about such very unknown crap as "cylance"?
did that answer your issue?

btw if you had loaded from here you can be sure that all is clean and secure:
https://www.mozilla.org/en-US/firefox/all/

any other - your bad.


Nope

I download it from here:

Log For Firefox 68.0.2.dmg
--------------------------------------------------
URL: https://ftp.mozilla.org/pub/firefox/rel ... 68.0.2.dmg
--------------------------------------------------
Start: 2019/08/15 23:56:15 at byte 0
Finish: 2019/08/15 23:59:27
--------------------------------------------------
Size: 70,121,453
Time: 0:02:48
Speed: 407.6 K/Sec
--------------------------------------------------

Is this download "any other"?

Camelia

DanRaisch
Moderator

User avatar
 
Posts: 122238
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted August 18th, 2019, 12:22 pm

Moving to MozillaZine Tech.

Is this really a Firefox issue? It seems more a problem for Cylance Antivirus to address.

therube

User avatar
 
Posts: 20076
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted August 18th, 2019, 12:27 pm

Wouldn't that be a better question to put to Cylance?
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

candylovergirl

User avatar
 
Posts: 11
Joined: July 31st, 2019, 1:59 am
Location: Mexico City

Post Posted August 18th, 2019, 12:33 pm

DanRaisch wrote:Moving to MozillaZine Tech.

Is this really a Firefox issue? It seems more a problem for Cylance Antivirus to address.


For me Cyren is affecting the reputation of FF detecting a FP warning, so yup it is a Firefox Issue for me

and the download above was for Mac, this is the log of FF for Win:

Log For Firefox Setup 68.0.2.exe
--------------------------------------------------
URL: https://ftp.mozilla.org/pub/firefox/rel ... 68.0.2.exe
--------------------------------------------------
Start: 2019/08/16 06:13:04 at byte 0
Finish: 2019/08/16 06:14:09
--------------------------------------------------
Size: 48,088,864
Time: 0:01:00
Speed: 782.7 K/Sec
--------------------------------------------------

Checksums:

File Name : Firefox Setup 68.0.2.exe
MD5 : 446f33b3e893ab6aa7bb4b0ce486bb6e
SHA1 : b87b6f1cd21af2ff762085672d2d16750147f202
SHA256 : b73e1e09e0a5d88840680b2536dcea6c4447d2df8c3e79a8fa874cee7f5a15ed win64/en-US/Firefox Setup 68.0.2.exe
File size : 45.9 MB (48,088,864 bytes)

therube wrote:Wouldn't that be a better question to put to Cylance?


I am asking here because I want suggestion about this warning

or maybe it is my faul because I am downloading FF for Windows from
https://ftp.mozilla.org/pub/firefox/rel ... 68.0.2.exe


Thanks
Camelia

DanRaisch
Moderator

User avatar
 
Posts: 122238
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted August 18th, 2019, 12:40 pm

Try downloading from this site and see if the same issue appears - https://www.mozilla.org/en-US/firefox/new/

For me Cyren is affecting the reputation of FF detecting a FP warning, so yup it is a Firefox Issue for me

It might be a business/reputation issue for Mozilla but that still doesn't make it a Firefox browser issue if the false positive is some Cyren must correct.

Frank Lion

User avatar
 
Posts: 20499
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Post Posted August 18th, 2019, 1:14 pm

candylovergirl wrote:For me Cyren is affecting the reputation of FF detecting a FP warning, so yup it is a Firefox Issue for me

BS.

You want somebody to take 'ownership' of your problem and solve it. We ain't that daft here.

That somebody is - Cylance Antivirus support.
Metal Lion latest SeaMonkey & Thunderbird Themes - Sea Monkey and Silver Sea Monkey
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)

James
Moderator

User avatar
 
Posts: 27650
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted August 18th, 2019, 1:16 pm

https://www.mozilla.org/firefox/all/ is where you get the current Release of Firefox. It also serves the full setup for Windows as the small online stub (for Windows) is served on http://www.mozilla.org

The https://ftp.mozilla.org/pub/firefox/releases/ and https://archive.mozilla.org/pub/firefox/releases/ for current Release is the same file served on https://www.mozilla.org/firefox/all/


It is a issue with Cylance and they do not do it with just the desktop Firefox web browser.

https://bugzilla.mozilla.org/show_bug.cgi?id=1468067
Cylance appears to be detecting anything that's been through UPX as unsafe.


Which is the mention of 7zS.sfx in virustotal details.

Please do not comment in any mentioned bugs as they are for Reading only. https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

candylovergirl

User avatar
 
Posts: 11
Joined: July 31st, 2019, 1:59 am
Location: Mexico City

Post Posted August 18th, 2019, 4:06 pm

Frank Lion wrote:
candylovergirl wrote:For me Cyren is affecting the reputation of FF detecting a FP warning, so yup it is a Firefox Issue for me

BS.

You want somebody to take 'ownership' of your problem and solve it. We ain't that daft here.

That somebody is - Cylance Antivirus support.


And what about "OS X Sandbox TROJAN EVADER" detected @ VT in FF current version for Mac?

A) OS X Sandbox IS NOT an Antivirus is part of the macOS
b) it is a warning only

Who is that somebody in this case?

Download from
https://www.mozilla.org/en-US/firefox/all/ > https://download.mozilla.org/?product=f ... lang=en-US >
https://download-installer.cdn.mozilla. ... 68.0.2.dmg

Download Log For Firefox 68.0.2.dmg
--------------------------------------------------
URL: https://download-installer.cdn.mozilla. ... 68.0.2.dmg
--------------------------------------------------
Start: 2019/08/18 17:03:43 at byte 0
Finish: 2019/08/18 17:04:38
--------------------------------------------------
Size: 70,121,453
Time: 0:00:48
Speed: 1426.6 K/Sec
--------------------------------------------------

Checksum Firefox 68.0.2.dmg

File Name : Firefox 68.0.2.dmg
MD5 : d83d8dc8b57d4fbdde61009081874be9
SHA1 : 6250ca14b5f290a435cec320c898b95bdb288029
SHA256 : 173440ca6147c6e1eebbe36f332da2c4347e37269152ad55c431f6b0d7078862

Firefox Mac 68.0.2 /mac/en-US - 66M - 14-Aug-2019 - OS X Sandbox TROJAN EVADER
https://www.virustotal.com/gui/file/173 ... /detection

James wrote:https://www.mozilla.org/firefox/all/ is where you get the current Release of Firefox. It also serves the full setup for Windows as the small online stub (for Windows) is served on http://www.mozilla.org

The https://ftp.mozilla.org/pub/firefox/releases/ and https://archive.mozilla.org/pub/firefox/releases/ for current Release is the same file served on https://www.mozilla.org/firefox/all/


It is a issue with Cylance and they do not do it with just the desktop Firefox web browser.

https://bugzilla.mozilla.org/show_bug.cgi?id=1468067
Cylance appears to be detecting anything that's been through UPX as unsafe.


Which is the mention of 7zS.sfx in virustotal details.

Please do not comment in any mentioned bugs as they are for Reading only. https://bugzilla.mozilla.org/page.cgi?id=etiquette.html


Same result for Win 64 - bits download it from - https://www.mozilla.org/en-US/firefox/new/
https://www.mozilla.org/en-US/firefox/new/ > https://download.mozilla.org/?product=f ... lang=en-US
https://download-installer.cdn.mozilla. ... 68.0.2.exe

Download Log For Firefox Setup 68.0.2.exe
--------------------------------------------------
URL: https://download-installer.cdn.mozilla. ... 68.0.2.exe
--------------------------------------------------
Start: 2019/08/18 16:35:32 at byte 0
Finish: 2019/08/18 16:38:00
--------------------------------------------------
Size: 48,088,864
Time: 0:02:12
Speed: 355.8 K/Sec
--------------------------------------------------
File Name : Firefox Setup 68.0.2.exe
MD5 : 446F33B3E893AB6AA7BB4B0CE486BB6E
SHA1 : B87B6F1CD21AF2FF762085672D2D16750147F202
SHA256 : B73E1E09E0A5D88840680B2536DCEA6C4447D2DF8C3E79A8FA874CEE7F5A15ED
File size : 45.9 MB (48,088,864 bytes)

VT 1/66 #FP Cylance Unsafe
https://www.virustotal.com/gui/file/b73 ... /detection

I will explain later today my concern with these FP's

Thank
Came

James
Moderator

User avatar
 
Posts: 27650
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted August 18th, 2019, 4:38 pm

in comments


Are you saying Cylance is unsafe and Firefox is safe or that Cylance is doing a False Positive on saying it is unsafe.

candylovergirl

User avatar
 
Posts: 11
Joined: July 31st, 2019, 1:59 am
Location: Mexico City

Post Posted August 18th, 2019, 6:54 pm

James wrote:in comments


Are you saying Cylance is unsafe and Firefox is safe or that Cylance is doing a False Positive on saying it is unsafe.


I am saying One engine (Cylance) detected this file as Unsafe, and has a Warning icon in color red, in short and for my own personal notes: "Warning Cylance Unsafe"

Camelia

Brummelchen
 
Posts: 4616
Joined: March 19th, 2005, 10:51 am

Post Posted August 19th, 2019, 1:16 am

you got your recommendation - use it or drop it.
we or mozilla are not responsible, can not change anything and we are not cylance to complain.

and most of us dont care about such VT results. VT is not allowed in some forums for exactly this reason - people are not able to "read" the results and cry rivers for nothing.

next customer please...!

candylovergirl

User avatar
 
Posts: 11
Joined: July 31st, 2019, 1:59 am
Location: Mexico City

Post Posted August 19th, 2019, 7:54 am

Thank you very much to all

Kind Regards,
Camelia

therube

User avatar
 
Posts: 20076
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted August 19th, 2019, 8:58 am

So question Cylance to see if in fact their reason for marking FF as "unsafe" is in fact simply a matter of it being packed with UPX?

(Heh. With Firefox Setup 52.9.0esr_x86.exe "compressing" it with UPX results in a .20% size reduction.)

https://www.virustotal.com/gui/file/6ec ... /detection

If I then decompress it (using UPX), getting rid if the UPX packing, it then complains about the 7-zip SFX (self extractor).

https://www.virustotal.com/gui/file/d21 ... /detection

Suppose you're not going to win with Cylance :-).
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Return to MozillaZine Tech


Who is online

Users browsing this forum: No registered users and 0 guests