Malwarebytes antimalware :O #528

Closed
danilo1984 opened this Issue Dec 18, 2018 · 9 comments

danilo1984 commented Dec 18, 2018

image

Owner

HenriWahl commented Dec 18, 2018

However this result is achieved... maybe some other malware has been built with pyinstaller and so this malware checker finds some similarities?

Owner

HenriWahl commented Dec 23, 2018

Apparently this mostly hits the 32 Bit version of Windows. :-(

I tried building with UPX, which led to non-executable binaries.
Often one finds the suggestion of building new bootloaders for pyinstaller, which is internally used for packaging, but none of the supported compilers built a new bootloader for me, so I am kind of clueless what to do here. The only hope might be that there are more 64 bit users than 32 bit ones...

Contributor

BenoitPoulet commented Dec 26, 2018

Symantec Endpoint Protection says the same.
It talks about "WS.Reputation.1", which means it thinks the executable is suspicious.
File: Nagstamon-3.2-win64_setup.exe

Easy to counter, as we just need to ignore the warning or, in my case, take the file back from the Symantec vault.
But it can scare people.

Owner

HenriWahl commented Dec 26, 2018

I managed to compile the bootloaders of pyinstaller for Windows myself, which led to different file hashes. Can you check again from the download page? All Windows packages are replaced.

Contributor

BenoitPoulet commented Dec 27, 2018

Same for me with Symantec E. P., always this @%+*% WS.Reputation.1

But Symantec E. P. flags nearly all the .exe files from open source software I download with this, as it's based on a reputation score.
Explained here: https://www.symantec.com/security-center/writeup/2010-051308-1854-99?vid=4294919973


mygithubthrowaway commented Jan 10, 2019

@HenriWahl
This is a very serious security issue.

Can you make a statement about it on the Nagstamon site?

Thanks

Owner

HenriWahl commented Jan 10, 2019

HenriWahl closed this Jan 10, 2019
