Windows Sees Installer as Trojan #8951

Closed
dmcblue opened this issue Nov 9, 2019 · 8 comments · Fixed by #8990
@dmcblue commented Nov 9, 2019

Hi, I just downloaded the 64-bit installer for Windows. Windows Security sees it as a potential Trojan for some reason.
[image: trojan]
It immediately quarantined the .exe file.

I'm not sure if there is much to be done about this or just useful to report.

Is there any way to validate that the download has not been hijacked in any way and that what I downloaded is the legit installer?

@ncannasse (Member) commented Nov 11, 2019

This is most likely a false positive from your A/V.
We are working on a solution to sign our binaries.

@Aurel300 (Contributor) commented Nov 11, 2019

The related issue is #7720

@diddledan commented Nov 11, 2019

Also, once Haxe 4.0.1 is installed after bypassing the initial message above, SmartScreen shows:

[image]

VirusTotal report for the installer: https://www.virustotal.com/gui/file/400e39aff07749ca2ed523839c8a1a267a9684a454fcafd6c30f774b8fa1dc3a/detection
VirusTotal report for the haxesetup.exe once Haxe is installed: https://www.virustotal.com/gui/file/8e6592f0433657d27baf6eef7e5ae3213cafbde540c7d6a6b0a537eb4b289253/detection

@RealyUniqueName (Member) commented Nov 11, 2019

We should provide checksums for our downloads.

@RealyUniqueName RealyUniqueName added this to the Release 4.1 milestone Nov 11, 2019
@RealyUniqueName RealyUniqueName added the ci label Nov 11, 2019

@jonasmalacofilho (Member) commented Nov 11, 2019

> We should provide checksums for our downloads.

We absolutely should.

Unfortunately the results for 400e39aff07749ca2ed523839c8a1a267a9684a454fcafd6c30f774b8fa1dc3a match the checksum from the binary installer at haxe.org/download or releases/tag/4.0.1.

```
$ curl -L https://github.com/HaxeFoundation/haxe/releases/download/4.0.1/haxe-4.0.1-win64.exe | sha256sum -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   610    0   610    0     0    979      0 --:--:-- --:--:-- --:--:--   977
100 5779k  100 5779k    0     0  2210k      0  0:00:02  0:00:02 --:--:-- 4483k
400e39aff07749ca2ed523839c8a1a267a9684a454fcafd6c30f774b8fa1dc3a  -
```

: \

@Simn (Member) commented Nov 11, 2019

Checksums are a bit of a neckbeard thing, but I suppose in cases like this it's good to be able to double-check.

Regarding signed binaries, does this actually help here? I'd expect the virus signature to still match the executable, and I don't know if signing automatically prevents that.

@RealyUniqueName (Member) commented Nov 11, 2019

We can try to get rid of haxesetup.exe #8870 (comment)
