AMP False Positive for chromesetup.exe

Bill CARTER
Level 5

I believe I am getting a false positive for ChromeSetup.exe. I downloaded the Chrome beta installer direct from Google.

SHA-256 a1fa0737b15a05ac5073985839af253f3470c162730f89f604eb3dc008066c05

VirusTotal analysis

https://www.virustotal.com/en/file/a1fa0737b15a05ac5073985839af253f3470c162730f89f604eb3dc008066c05/analysis/1496843791/

3 Replies

David Janulik
Cisco Employee

Hi Bill,

I checked the SHA-256, which belongs to Chrome updater. As this is signed by a 3rd party, we need to open a BUG for false positive.

Please go ahead and open a ticket with TAC, as we need a formal procedure to get this fixed. That means the BUG requires a ticket number bind.

Hope this helps

David

Cyber security escalation engineer

Seems to be a general problem that Chrome installers are detected as false positives. I've had to whitelist the following SHA-256 in just a few weeks, all confirmed to be false positives of ChromeSetup:

17ef28f7f5436594b9692c1e7774f7a87458077d55acc8cb0ec3a1ac2ea313bc

f9bf57412d8ef5a04d20af4e6fb29e09498e86b6083c650df60c1aa864cfcbf9

29aec6b94406cd3bbdbcbeda01028db8b0fdd7b43e9e233609a9aac290c1897f

3811c9f6c667c0f7f8d667d8b5c301ac94ea4736b91b3dde3c4a721c88e6430a

I've occasionally run into the same issue with my password management tool (KeePass). On 2-3 occasions over the past couple of years it was incorrectly identified as malware and quarantined. I had to whitelist the SHA-256 hash to allow it to update.

I did so after confirming the SHA-256 with the source code and confirming it with the developer. Unfortunately I have a lab license and was unable to open a TAC case on it.