Atom detected as malware by antiviruses #3927
Comments
@paulcbetts Are |
@zcbenz Yes, they should be in the build. Edit: The final generated Setup.exe is signed in the CI build, the template Setup.exe checked-in isn't signed (since the build process will change it anyways) |
@zcbenz yes they are. I have reported it to avast as a false positive. |
It looks like signing the final generated Setup.exe with a Code Signing certificate (which the official Atom CI build does) will cause them all to pass:
|
Great! thank you |
I'm getting (hopefully) a false positive on Atom.exe when installing the new AtomSetup.exe (See Issue #4244) on Sophos Anti Virus. |
@Fammy Can you give us the details of what Sophos claims it is infected with? |
@paulcbetts They claim it is infected with Mal/Behav-027. I submitted a sample of atom.exe to them a few minutes ago. I tested with Release 149 and 150, both AtomSetup.exe installs have the same issue. |
@Fammy Can you submit the AtomSetup.exe too? |
@paulcbetts I cannot, they do not accept files over 30MB. FWIW, I did not have any issues with the chocolatey install. |
I'm getting the Sophos error too. It seems to accept the initial installation (an item is created in Programs & Features), but it fails with this message - no doubt because Sophos has deleted its stuff before it can continue:
Workaround for me was to kill Sophos (which meant a couple of minutes of Task Manager whack-a-mole with the 2398576928 processes Sophos runs). |
It doesn't like Atom itself? That's bizarre. I'm not surprised that Squirrel is going to have some AV-related nonsense though - effectively, we do look a lot like a trojan, we unpack an executable then run it, which proceeds to install a bunch of other stuff. Just like any other installer technology :) |
👍 |
@Fammy Thanks for submitting it |
Just going to pop in and say that Avast deepscreens AtomSetup.exe before it can continue, then it throws a few errors along the way that are sandboxed using AvastNG (I'm not sure if it's Avast throwing them or Squirrel). |
Avast has been non-stop detecting Update.exe and Squirrel.exe as malware (and moving them to the virus chest even after I've excluded them from being checked, effectively disabling auto-updates), as well as deepscreening Atom before it starts for the first time after upgrading. |
Thanks @50Wliu - not sure what else we can do here other than recommend people install MS Security Essentials instead of Avast. |
squirrel.exe was just removed from my system today by Symantec.cloud. It is their endpoint protection software. Luckily with Symantec it is an easy restore. I have been using atom for a few weeks now and this is the first time it has been reported as a suspicious item. Version info:
Symantec Report:
|
Problem still exists. (Same Symantec version as @jeffjarchow)
|
I had similar "suspicious" reports from my Norton 360. |
Now that's interesting to me. Can you share a screenshot? |
@paulcbetts gave it another try today. Avast still blocks (see screenshot below), but it passed through Defender. IDK what was the problem with it yesterday. Maybe some Win glitch. Installed, turned Avast back on - works fine so far. P.S.: When you say smth like this:
I suppose you're on *nix / Mac, not using Win on a daily basis and just heard somewhere on the internet that MS made Defender a full-featured built-in antivirus software. The fact is, it's not. It still lacks some essential features, it misses way more threats than freeware Avast Home, its databases are not that good etc. Using good 3rd-party antivirus software is still a good practice. |
I worked on the Windows Kernel at Microsoft, code I wrote is literally built into your operating system, tell me more about how I'm not a real Windows user |
Now now. If either of these things think it's a virus, that is cause for concern. I thought we were passing through Avast at some point? |
@benogle It looks like Evo-Gen is the same kind of generic heuristic as the others - from http://malwaretips.com/blogs/win32evo-gen-susp-virus: I'm not super concerned with Avast (whether it decides Squirrel is a virus seems to come and go), but Defender blocking us would be a HugeBig problem. We haven't heard of this at Slack at all recently, but it might be worth uploading AtomSetup.exe to Avast's whitelist. |
Same for me with Kaspersky. It prevents the execution of AtomSetup.exe because it thinks it is "PDM:Trojan.Win32.Generic" |
Since I had the same thing happen to me with Kaspersky I took the liberty to email them about it being a false positive, just received an email back from them and it should be fixed in the next update. |
@traverse Thanks a lot! If other folx can do the same thing, that'd be amazing. Many AV vendors don't let you submit false positives without paying for their product :-/ |
This just happened today with me and Norton Security |
I had this happen for the first time with the new update of Atom in Nov 2016. As above, Norton flagged SONAR.AM.C!g1 as a Trojan/Virus. I kept reading online that I should consider it a false positive, but when I finally removed it, the odd behavior (lagging processes, video-refresh fails, and the slow network behavior) all disappeared. Not sure if it is a virus, but it certainly wreaked havoc with my system. |
Same thing just happened with me. This issue has been opened for a very long time, I hope this is sorted out soon. My tinfoil hat paranoid side is stopping me from using Atom.
|
In general this comes and goes as AV vendors tweak their virus-detection mechanisms. For anyone who's experiencing this, please file a false positive report with your vendor. |
Avira antivirus for Windows detects it as malware. |
okay! |
Avast just deleted Atom from my laptop, it said the infection was IDP.ARES.Generic and it was in the atom update.exe. Is this a false report? |
Getting this same problem, though it just says IDP.Generic for me. |
Also got the continual attack warnings. I'm running "WinPatrolWAR" so I am able to see the executables as they launch and allow or quarantine them. For example: "$r61ixy4.exe (32bit)" or "$rdqhyb4.exe (64bit)", which were both launched from the atom setup.exe file located in the recycle bin. I also noticed my python program "Anaconda" was trying to run scripts: "anaconda3\scripts (2to3.exe)". When I looked in my Win 7 control panel to uninstall programs I noticed that there was a second program in there installed on the same date as the Atom IDE. It was a "win64 driver updater" made in China. I removed Atom and the Chinese program, and am now scanning for any potential problems with ESET. Thanks for any advice. |
Update, ESET found no additional threats. I'm bummed about Atom IDE. I loved its simplicity. :-( |
This issue has been automatically locked since there has not been any recent activity after it was closed. If you can still reproduce this issue in Safe Mode then please open a new issue and fill out the entire issue template to ensure that we have enough information to address your issue. Thanks! |
Atom version: 0.136.0
From atom 0.136.0, the following two files are falsely detected as: Win32:Malware-gen:
atom-0.136.0\build\windows\Setup.exe
atom-0.136.0\build\windows\Update.exe
Avast version: 2015.10.0.2206
Virus signatures version: 141021-0
I will also submit this to avast.