Windows 10 - Installer recognized as trojan (Win32/Fuerboos.A!cl) by Defender #4170

Closed
stephanbruny opened this issue Dec 27, 2017 · 3 comments

@stephanbruny

commented Dec 27, 2017

my environment running ArangoDB

I'm using the latest ArangoDB of the respective release series:

  • 3.2

On this operating system:

  • Windows, version: 10 Home (1709)

this is an installation-related issue:

The current (27 December 2017) .exe installer will cause a Windows Defender alert when downloaded or executed.
The file (or parts thereof) will be indicated as a trojan (Win32/Fuerboos.A!cl) and the installation cannot be finished.

@sleto-it

Contributor

commented Dec 27, 2017

Hi @stephanbruny,

Thanks for opening this ticket. I was not able to reproduce the exact message you get doing some quick tests on my Win 10 machine.

Please could you let us know the version information of your Windows Defender (you can take a screenshot after searching "windows defender setting" on your PC). Please also let us know the exact Windows build you are using (search "system information").

Can be related to the fact that the .exe is not signed, #1082

As a possible temporary workaround, please know that there is a zip package as well (just unzip it somewhere and then from a command line start arangod or arangodb, depending on your needs).

Thanks,

@Simran-B

Contributor

commented Dec 28, 2017

@sleto-it I know from my personal experience that various antivirus software, including Windows Defender and SmartScreen, frequently detect ArangoDB installers as malware. This is mostly caused by the generic heuristic that recognizes patterns like unpacking a compressed/encrypted executable and starting it as a service that listens for incoming requests, in combination with a "rare" binary (which it is for every new release). After a while, that should stop happening, once it is not considered a rare binary anymore.

@dothebart

Contributor

commented Apr 26, 2018

Hi,
since this occurs now and then and can only be solved by signing Windows installer packages (which is on our roadmap), and we already have #1082 for this, I will close this as duplicate.

@dothebart dothebart closed this Apr 26, 2018
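
The details requested in the thread (Windows build, Defender versions) and the installer's signing status can be collected in one pass with built-in cmdlets. This is an added example, not code from the thread participants or the ArangoDB project; the installer path is a placeholder, and the script assumes the Defender PowerShell module that ships with Windows 10.

```powershell
# Added example: gather triage data for an installer flagged by Windows Defender.
param(
    # Placeholder path; point this at the downloaded installer.
    [string]$InstallerPath = 'C:\Downloads\installer.exe'
)

$report = [ordered]@{}

# Windows edition and exact build number.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$report.Windows = '{0} {1} (build {2})' -f $os.Caption, $os.Version, $os.BuildNumber

# Defender platform, engine and definition versions. Heuristic verdicts
# can differ between definition versions, so record all three.
$mp = Get-MpComputerStatus
$report.DefenderProduct    = $mp.AMProductVersion
$report.DefenderEngine     = $mp.AMEngineVersion
$report.DefenderSignatures = $mp.AntivirusSignatureVersion

# Authenticode status and SHA-256 of the file. Defender may already have
# quarantined the download, so handle a missing file explicitly.
if (Test-Path -LiteralPath $InstallerPath) {
    $sig = Get-AuthenticodeSignature -FilePath $InstallerPath
    $report.SignatureStatus = $sig.Status          # e.g. NotSigned, Valid, HashMismatch
    $report.Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    $report.SHA256 = (Get-FileHash -LiteralPath $InstallerPath -Algorithm SHA256).Hash
} else {
    $report.SignatureStatus = 'file not found (possibly quarantined)'
}

[pscustomobject]$report | Format-List

# Map threat IDs to names, then list detections that reference this file name.
$names = @{}
Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }

$leaf = [regex]::Escape((Split-Path -Path $InstallerPath -Leaf))
Get-MpThreatDetection |
    Where-Object { $_.Resources -match $leaf } |
    Select-Object InitialDetectionTime,
                  @{ Name = 'Threat'; Expression = { $names["$($_.ThreatID)"] } },
                  Resources |
    Format-List
```

A `SignatureStatus` of `NotSigned` matches the unsigned-installer condition tracked in #1082; the SHA-256 value lets maintainers confirm the flagged file is the one they published.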
