Page 1 of 1

Virus warning: "Suspicous behav." when installing BirdieSync

Posted: Fri Sep 21, 2012 6:52 pm
by DBird

I know this it not new, but obviously it hasn't changed over the past years: Some virus scanners tend to warn or block BirdieSync. ... f=2&t=1054 ... f=6&t=1764

In my case, the current version of Avira Antivir Premium detected "suspicious behaviour" of BirdieSyncSetup.exe - so not in a file scan (as, but when surveying what the running programm does. Unfortunately Antivir leaves me without further information what is meant by "suspicious".

Birdy, might this should still stem from a library you include, as mentionded in one of the older threads above?
Or does your installer anything uncommon you could prevent? I don't know, e.g. writing to uncommon directories or registry entries?

I don't think BirdieSync is malware, but there is a bad feeling to simple ignore this and click "OK"... :?

Re: Virus warning: "Suspicous behav." when installing Birdie

Posted: Sat Sep 22, 2012 9:49 am
by Birdy
Hello DBird,

The problem is that each time BirdieSync is considered as a false positive by anti-virus, it's for different reasons (a dll, an exe, the setup file, ...). To be honest with you I don't know exactly the reason in each case. These anti-virus editors use heuristics which by definition can make errors of detection... And I guess that since usually these errors are automatically corrected by software anti-virus, other softwares than BirdieSync are impacted as well by these false detections.

BirdieSync setup file doesn't do any unauthorized operations. It accesses registry for very common operations like checking if a runtime package is already installed or automatically starts BirdieSync at login.
Would you have more details about the "suspected behavior" of the installer detected by Avira Antivir Premium ? Maybe that could help.

Re: Virus warning: "Suspicous behav." when installing Birdie

Posted: Mon Oct 22, 2012 7:38 pm
by DBird
Hello Birdy,

as Avira doesn't offer a clear information what would seem "suspicious", I have uploaded the BirdieSync installer to Avira as "false positive". Unfortunately, I didn't get an answer though I asked twice.