die_win32_portable_3.00.zip is reported as trojan #17
Comments
halamix2
changed the title
|
Hello! Thanks a lot for the information! |
|
I sent the information to Microsoft: https://www.microsoft.com/en-us/wdsi/submission/f24af0e1-727f-47c4-a6c0-85af3fdc6a70 |
|
Analyst comments: We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions Thank you for contacting Microsoft. |
|
Windows no longer reports trojan, however Firefox 79.0 reports this file as malicious Virustotal for die.exe file, 22 engines reported file as malicious ("invalid-rich-pe-linker-version" note is here but not on 2.05): https://www.virustotal.com/gui/file/cf5a19f0611de377178ca54d2ece443a4203f18d6de55fa9e9969a38fb53ca55/detection In comparison 2.05 was only reported as malware by 4 engines (usually lesser known ones are more likely to report false positive): https://www.virustotal.com/gui/file/6e802a66da626c456961577881ade3a9869e88e8051bc3a4a6955508aa4f5430/detection |
halamix2
changed the title
halamix2
changed the title
|
hmm. Did you tested: die_winxp_portable_3.00.zip ? |
|
Virustotal for die.exe from die_winxp_portable_3.00.zip: https://www.virustotal.com/gui/file/7bcc028ac392ae642da90eaf1b47f9977fdeca383ee1d97c67d70e99f34a3092/detection Windows Defender doesn't report the file (I have to reboot for testing on Windows, so it takes some time) |
|
Thanks for the info. The only thing that can be done is to wait until I have saved up enough money from donations to digitally sign the application. :) |
|
That won't help you anyway, don't waste your money. |
Do you know another solution? Just ignore the false detects? |
|
Whitelist where possible, ignore elsewhere. Those AV bastard employees get to pay for every detection they can put in a database, so they are more than happy to put any hacking tool on their lists. Especially if they use it themselves, that's the case with most of the system or hacking tools even with highly popular tools like Process Hacker. Some engines and signatures are licensed to other companies and if one of them puts you in their lists it's then spread to other AV products as well. No easy way out of false-positive detection hellhole, there is always some AV jerk who will think it's important to put your tool in Win64!HackingTool category or some other shit. |
|
@halamix2 Could you please try this? https://github.com/horsicq/DIE-engine/releases/download/3.00/die_win32_portable_noloader_3.00.zip |
|
|
|
@halamix2 Thanks a lot! |
|
I just downloaded die_win32_portable_3.00.zip.
I strongly dislike antivirus false positives. I'm sorry your project has to deal with this.
|
As like PElock suggested, "Don't waste money in buying expensive signatures". It won't help. Proof: Give some time to anti's to make your files recognizable. |
When scanning
die_win32_portable_3.00.zipWidows defender on Win 10 2004 reportsTrojan:Win32/Wacatac.C!mlindie_win32_portable/die.exedie_win32_portable_2.05.zipdoesn't report any trojanThe text was updated successfully, but these errors were encountered: