Files detected as malware #7
Comments
Yeah, I tripped the Windows Defender alert a few times too when I was testing, it detected it as "Trojan:Win32/Fuerboos.A!cl". That didn't happen before, and it triggered an alert only on the updated PC, my laptop that I didn't update for months didn't have any problems. I mean, I can see why the package looks shady to the anti-virus: it extracts other binary files from its own binary and then launches that binary while sitting hidden in the background. Apparently, I used some virus-making techniques in this app. Oh well. ¯\_(ツ)_/¯
@SerGreen Hi, firstly, thank you for providing such a good and easy-to-use tool!
Hi! Not really, to be honest. I added appacker.exe to Windows Defender exclusions, but it still bitches about it sometimes. Hey, I just realized that I can submit a sample to Microsoft Security Intelligence, maybe this will help to resolve this problem. What anti-malware software do you use? Perhaps it also has a similar option so they can investigate the file and stop detecting it as a virus. I submitted a ticket now, don't know how long it will take though since it's not an automated check and I'm not a priority client. I will comment when there's a result.
@BryanYin Microsoft has already responded. That was quick, I expected it to take days, not just a few hours, wow. False positive detection in Windows Defender should be removed now. You have to update malware definitions for it to work, here's a copy-paste of how to:
It turns out that pretty much every anti-malware software has a 'report false positive' service. Why didn't I think of it earlier? I also submitted this app for review to Avast and Kaspersky. NOD32 does not detect it as a virus according to VirusTotal.
Oh, I needed to use this app today and I'm sad to find that Windows Defender flags it as malware :/ Any news on the sample sent to Microsoft Security?
@Coldragon The last time in September they removed false detection, but yeah, Defender recently got triggered again for me too (this time detected as Woreflint.A!cl). I resubmitted the app to the Microsoft Security on November 26 and they removed false detection once more. Try force updating your malware definitions and see if it helps:
The latest malware definitions version is 1.307.33.0. Here's how you can check what version you have: https://www.bleepingcomputer.com/tutorials/how-to-find-windows-defender-version-number-installed-in-windows-10. You can also add Appacker.exe to Defender's exceptions, though I'm not sure that packed apps won't trigger Defender too.
Thanks.
True. Hopefully Defender won't have another regression. I'll keep resubmitting the app for analysis should that happen again though.
Thanks a lot for your work :)
Unfortunately it still happens :D Besides that it actually is quite cool ^^
And unfortunately it will probably keep happening.
Source: https://howtofix.guide/trojanwin32-occamy-aa/ So yeah, 5 out of first 6 things match, so no wonder antiviruses get suspicious. P.S. Actually, it may be doing RWX memory too, I just don't know how to check that.
Hey uh, it's cool that the Appacker exe is not recognized as malware, but what can I do if the antivirus detects the created executable as malware?
@suleyth, honestly, I'm not sure if there's much to be done. The created executable does all that stuff that antiviruses don't like (namely it extracts another executable from itself and runs it), in fact, it utilizes the same tools as the main Appacker app. I thought antimalware software would treat them all the same way but I guess not. Though for me Windows Defender never triggered on the created file yet. What's your antivirus btw? So, back to the original question: options would be to make a manual exception for the created exe and to report said file to the antivirus provider as false positive, although both options would not have great portability, as it might still trigger antivirus on another PC.
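Added example, not part of the thread and not Appacker's code: a static check for the trait discussed above, an executable that carries a second executable inside itself. It assumes the payload is stored uncompressed (how Appacker actually stores it is not stated in this thread); the function names are hypothetical and the sample bytes are constructed header stubs.

```python
import struct

PE_SIG = b"PE\x00\x00"

def is_pe_at(data: bytes, off: int) -> bool:
    """True if a plausible DOS header + PE signature pair starts at `off`."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return False
    # e_lfanew (offset 0x3C of the DOS header) points at the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    pe_off = off + e_lfanew
    return 0x40 <= e_lfanew < 0x1000 and data[pe_off:pe_off + 4] == PE_SIG

def find_embedded_pe(data: bytes) -> list:
    """Offsets (> 0) at which a second, uncompressed PE image begins."""
    hits = []
    pos = data.find(b"MZ", 1)          # skip the file's own header at offset 0
    while pos != -1:
        if is_pe_at(data, pos):        # a bare "MZ" string is not enough
            hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def minimal_pe_stub(pad: int = 0) -> bytes:
    """Constructed sample: DOS header + PE signature only, not a runnable program."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + PE_SIG + b"\x00" * pad

# Constructed inputs: a plain stub, and a stub followed by a decoy "MZ"
# string, padding, and a second stub (standing in for a packed payload).
PLAIN = minimal_pe_stub(pad=64)
PACKED = (minimal_pe_stub(pad=64) + b"MZ not a header" + b"\x00" * 80
          + minimal_pe_stub(pad=16))

if __name__ == "__main__":
    print("plain :", find_embedded_pe(PLAIN))
    print("packed:", find_embedded_pe(PACKED))
```

A hit only says the file contains another PE image; installers and self-extracting archives show the same trait, which is why this alone produces false positives like the ones reported here.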
Hi, uh, Chrome detects it as dangerous and won't let me download it, help
Chrome can do that? o_O
@SerGreen I have an idea on how to fix it:
Thanks for the tip, I'll look into that.
Just a quick thought for the point above with the unconventional language being used:
I got this report from my malware scanner:
Package.exe is the executable file I created using the Appacker CLI.
Unpacker.exe is the file that Appacker generates in runtime (I guess).
Seems more like it could be a false positive.