Ledger Live 2.1.0, 2.2.0, 2.2.3 Installers and Uninstallers for Windows are triggering Windows Defender with Trojan:Win32/Bulta!rfn detection #2822
Comments
Thanks for raising this issue. |
No worries, I know it's not a normal issue but depending on a platform that could possibly go into a full release unnoticed. Feel free to close once addressed :) |
Still detected with 2.2.3 |
we are working on it #2860 |
Bracing for a tide of newcomers commenting "me too". Please just +1 the issue on top, thanks! @gre so it wasn't the automatic installation thingy? Just a framework update that caused it? Curious! |
Yes, the issue is due to electron-userland/electron-builder#4793 that upgraded NSIS, which is likely flagged by Windows antivirus (false positive). The issue only affects the Uninstaller, and in the meantime you can use https://github.com/LedgerHQ/ledger-live-desktop/releases/download/v2.2.3/Uninstall.Ledger.Live.exe if you want to uninstall Ledger Live. Unfortunately you MUST uninstall Live if you installed a 2.2.3 from scratch, because app updates won't update the Uninstaller; only the first install of Ledger Live does. That's why we are now preparing a 2.2.4 to try to minimize the number of users entering this problem. It's already a prerelease at the moment. Thanks |
2.2.4 was released. Make sure to check the message above. We'll try to document it better next week. |
Thanks! Glad that's sorted :) btw,
Are you sure that's the case? AV removed the uninstaller and when I installed 2.2.4 over my 2.2.3 install (which was missing the uninstaller due to above), the uninstaller got recreated just fine and the entry re-appeared in Windows' Add/Remove Apps |
Very interesting! I guess it works if the uninstaller was removed before updating then 🤔 Maybe it's just not copied if it exists. Thanks for your feedback |
The bug is closed and has been solved in 2.2.4. Just be aware you need to fully uninstall 2.2.3 if you had it installed in the first time to correctly recover from the antivirus detection situation. Here is the diagram we think currently covers everything. The TLDR is that as soon as you have Ledger Live's Uninstaller being detected as a virus, we recommend uninstalling Live using a "valid" (not detected as a virus) Uninstaller that we will also distribute on our website soon (but it's going to be https://github.com/LedgerHQ/ledger-live-desktop/releases/download/v2.2.3/Uninstall.Ledger.Live.exe – sha256sum of |
If there is any remaining issue you are facing even after uninstalling and reinstalling completely, please create a new GitHub issue or contact our tech support. Thanks! |
EDIT from @gre:
The bug has been solved in 2.2.4. Just be aware that if the first time you installed Ledger Live was on 2.2.3 you need to fully uninstall it to correctly recover from the antivirus detection situation.
Here is the diagram we think currently covers everything.
The TLDR is that as soon as you have Ledger Live's Uninstaller being detected as a virus (or is gone), we recommend uninstalling Live using a "valid" (not detected as a virus) Uninstaller that we will also distribute on our website soon (meanwhile => https://github.com/LedgerHQ/ledger-live-desktop/releases/download/v2.2.3/Uninstall.Ledger.Live.exe – sha256sum of 0e7245dde4d656758c3f03724e1615239cbe358f1a61db0b3b6326669b5cbd60 )
Ledger Live Version and Operating System
Expected behavior
Installer installs software
Actual behavior
Installer gets blocked by Windows Defender,
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aWin32%2fBulta!rfn&threatid=2147694403
Steps to reproduce the behavior
Note: 2.2.0 installer doesn't trigger this
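
A check that a downloaded copy of the uninstaller matches the SHA-256 quoted in the issue, as an added PowerShell example that is not part of the thread or of Ledger's tooling. The function name `Test-FileSha256` and the `Downloads` path are assumptions; the self-check file is constructed.

```powershell
# Added example, not from the issue thread. The expected SHA-256 is the one
# quoted in the issue; $Candidate is an assumed download location.
function Test-FileSha256 {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    # Strip whitespace picked up when copying the value, then validate its
    # shape so a truncated or empty hash cannot pass as a match.
    $want = ($ExpectedSha256 -replace '\s', '').ToLowerInvariant()
    if ($want -notmatch '^[0-9a-f]{64}$') {
        throw "Not a 64-hex-digit SHA-256 value: '$ExpectedSha256'"
    }
    # A file removed or quarantined by antivirus is simply missing; report it.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (removed or quarantined?): $Path"
    }
    $got = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    [pscustomobject]@{ Path = $Path; Expected = $want; Actual = $got; Match = ($got -eq $want) }
}

# Self-check on a constructed 3-byte file ("abc") with its well-known SHA-256.
$probe = Join-Path ([System.IO.Path]::GetTempPath()) 'sha256-selfcheck.bin'
[System.IO.File]::WriteAllBytes($probe, [byte[]](0x61, 0x62, 0x63))
$abc = 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'
if (-not (Test-FileSha256 -Path $probe -ExpectedSha256 $abc).Match) { throw 'Self-check failed' }
Remove-Item -LiteralPath $probe

# Check the downloaded uninstaller before running it.
$Expected  = '0e7245dde4d656758c3f03724e1615239cbe358f1a61db0b3b6326669b5cbd60'
$Candidate = Join-Path $HOME 'Downloads\Uninstall.Ledger.Live.exe'   # assumed path
if (Test-Path -LiteralPath $Candidate) {
    $r = Test-FileSha256 -Path $Candidate -ExpectedSha256 $Expected
    $r | Format-List
    if (-not $r.Match) { Write-Warning 'Hash mismatch: this is not the file the issue refers to. Do not run it.' }
} else {
    Write-Host "Nothing to check at $Candidate"
}
```

A match only shows that the file is the one the issue links to; it says nothing about whether Windows Defender will still flag it.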