Virus warning from Microsoft defender and Virustotal #88
Comments
Pareidol
changed the title
|
But strangely, if I test the link for the exe directlly, it shows no virus. |
|
Unsigned files will always give a smartscreen warning, until their alternate data stream contains information marking that you've accepted the risk of running an 'unknown' exe at least once. You can read more about that here. As for the VT results, that's a false positive and can't really be avoided, as the application is built with pyinstaller. More info about why that happens here. Every time I release my ChocolateyUpdate binary I have to report it as a false positive to Microsoft, otherwise it's automatically quarentined during the self update process, which is obnoxious for the users. Not everyone can afford to sign their binaries. |
|
This release is reviewed by Community and Microsoft rules. Check the validation here: microsoft/winget-pkgs#41279 (comment) |
FYI: Just because it is the EXE instead of the MSI does not mean it is a portable version. Be aware that it does leave files on the C drive. See the following topic on a portable version enhancement request: If you (or anyone else reading this) would also find a portable version useful then upvote the enhancement request above or offer your help if you have coding skills. |
|
sorry for bothering you, where does it leave files on the c drive? I apologize I am new in these things... |
In this comment see where located the settings and the CLI Backends |
|
I jump into the discussion, as someone in my entourage took a deeper look into virustotal and found some possible suspicious data: Contacted Domains and Contacted IP addresses to IP addresses that itself could be links to malware: https://www.virustotal.com/gui/file/71d4fc4eea97199218fdde36717e90326ed0fd4bd980c6afbffc263514e34be9/relations I have no clue if this a false alarm of virustotal (personally I think so) or not, but I think that a real problem with malware would have been discovered long ago. Is there an idea, where this IP addresses may come from? |
|
You can check the steps for build the |
|
The IPs belong to Microsoft, https://asrank.caida.org/asns/8068 & https://asrank.caida.org/asns/8075 confirm as much. False-positive for sure. |
|
Avast also seems to block the website used to download the exe |
|
For Windows users can install |
I downloaded the latest portable version for windows (like I did for the 0.4 version a long time ago).
As I tried to run it i got a Windows warning ("pc protected trough windows" or similar).
Next I tested the downloaded file via virustotal, and there I also got some warnings.
I also tested the .msi and got warnings as well.
https://www.virustotal.com/gui/file/71d4fc4eea97199218fdde36717e90326ed0fd4bd980c6afbffc263514e34be9
https://www.virustotal.com/gui/file/52151f4964b9da2ba96dadb2050491e26f89ef4291ce9a5e08c60093a7532aef
The text was updated successfully, but these errors were encountered: