Does anyone have a definitive answer to why Angry IP Scanner (IPScan) is detected as a virus (hacktool) by so many antivirus vendors, while similar tools such as Nmap and Advanced IP Scanner are not? I've searched for an answer to this but have been unable to find a reason. And this isn't a request for opinion; I'm hoping someone may have seen an answer to this in the past and can link me to a source for why this is.
Asked
Active
Viewed 2,265 times
5
-
It is not as famous to be exist on their exception list. – Ipor Sircer Dec 05 '17 at 05:04
2 Answers
2
It’s an answer antivirus vendor can give you, as usualy its a file signature that trigger such detection.
Please note other product are affected by such detection, ‘ike the remote tool AMMY was too flagged as a hack tool
The official answer
Important: There are no trojans or viruses in Angry IP Scanner’s ipscan.exe. Review the source code if you wish to check yourself.
Some antivirus software vendors (McAfee, Symantec, and some others) are identifying Angry IP Scanner as ‘potentially unwanted program’ or risky ‘hacktool’. Their programs often delete Angry IP Scanner from the disk during virus scanning.
The reason behind this is the will to bloat ‘virus databases’ and show unreal high number of detected ‘viruses’ in order to impress their customers. So they include everything they can find on the Internet, including many security tools, such as Angry IP Scanner.
Note that the cross-platform incarnation of Angry IP Scanner (version 3.x) is not being detected.
There is a petition to antivirus software vendors, please sign it.
yagmoth555
- 16,758
- 4
- 29
- 50
-
That's the official answer as put forth by the maker of Angry IP. I'm interested as to what any of the antivirus vendors might say about it. Angry IP realistically doesn't do anything nmap doesn't do, so why single out Angry IP? – DarkMoon Dec 19 '17 at 05:46
-
@DarkMoon abuse most likely, as not only angryip is banned such way. like magicalbean (to view your licence installed), amy(support tool like teamviewer), etc.. maybe its a way for them to keep the competition low in that market, who know, sadly – yagmoth555 Dec 19 '17 at 17:06
-
Could it be that a virus has taken the source of Angry IP and wrapped it into their deploy? When a scanner comes across the signature it is flagged? – cliffclof Sep 08 '20 at 03:52
0
As said by Igor probably. Normally app owner can ask Antivirus vendors to approve his app and put to white list. It might also perform some strange behavior that is not identified by virus definitions rather than by heuristic scan. I guess you would get better answer if you contact support of your antivirus vendor that identified the app as malicious and ask them.
Gibon
- 11
- 1