Skip to main content

Microsoft Defender is Wrongly Detecting Malware in Lasernet Monitor - News / Lasernet / Lasernet News - Formpipe Support Portal

Jan 17 2024

Microsoft Defender is Wrongly Detecting Malware in Lasernet Monitor

Authors list

Logo Lasernet.png


Since December 2023, Microsoft Defender has been flagging the LnMonitor.exe software (developed by Formpipe) as Trojan:Win32/Znyonm!pz or Phonzy malware. However, this is a "false positive", and Microsoft has confirmed that this is the case.

As a part of our rigorous release process for Lasernet, the Lasernet installer packages from Formpipe Software are scanned for viruses by VirusTotal and must be declared clean before release.

Microsoft Confirmation of False Positive

Formpipe has tracked the file hashes of the Lasernet Monitor 10 application (that Microsoft Defender has been flagging as malware), and has raised these detections with the Microsoft security team as false positive detections.

As shown below, that Microsoft team has confirmed that they are false positives, and the detection has been whitelisted from the Microsoft Defender threat database.

researcher comment 2.png

It is currently unclear why Microsoft Defender wrongly flagged Lasernet software as malware. During December 2023 and January 2024, Formpipe rebuilt Lasernet software multiple times, but Microsoft Defender flagged each build as malware. Microsoft (and other antivirus companies) intentionally do not publish information around how their antivirus solutions characterize malware, to avoid real malware creators from designing around those algorithms.

Current Status

We are currently still working with Microsoft to fully resolve this issue. From January 16th 2024, we can confirm that new builds of Lasernet software are no longer being flagged as malware by Microsoft Defender. Formpipe uses Microsoft build servers to build Lasernet software, and those build servers run Microsoft Defender.

However, we currently cannot be certain that Microsoft Defender will not subsequently repeat its mistake for these (and future) builds of Lasernet software. Also, Microsoft's work to update Microsoft Defender (to fully resolve this issue) is still ongoing.

Before we release the latest software builds, we are further investigating the extent and efficacy of Microsoft's latest actions on this issue.

Workaround

While Formpipe customers are waiting for Microsoft to update Microsoft Defender, they can use the following workarounds:

Updating Microsoft Defender's virus definitions (https://www.microsoft.com/en-us/wdsi/defenderupdates) to clear cached detections and obtain the latest malware definitions will not resolve this detection issue until Microsoft distributes comprehensive and effective updates to the Microsoft Defender virus definitions.

Long-Term Solution

Formpipe is working with Microsoft to find a long-term solution to this issue. We will update you with news in due course.

Thank you for your understanding during this time. If you have any questions, please contact us via the Create Ticket button in the support portal.

Helpful Unhelpful

12 of 13 people found this page helpful

Add a comment

Please log in or register to submit a comment.

Need a password reminder?