Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chrome reporting "Virus Detected" when downloading release 0.1 #1

Open
DMacMakes opened this issue Dec 15, 2023 · 4 comments
Open

Chrome reporting "Virus Detected" when downloading release 0.1 #1

DMacMakes opened this issue Dec 15, 2023 · 4 comments

Comments

@DMacMakes
Copy link

I'm using Chrome 120.0.6099.71 (Official Build) (64-bit) on Windows 10, and I'm logged in to Github. I don't have any antivirus software installed beyond the built-in/Microsoft-issued Windows Defender. I visited the repo for RightClickFolderIconTools, clicked the latest release in the right nav ( RCFI Tools v0.1 ) in the right nav, clicked rcfi.tools.v.01.zip. It downloads, but the file never appears, and it warns me instead tha a virus was detected, next to a red download icon with a slash through it. See the attached image for the error, shown when I click the download icon on the right of the address bar (near the three-dot/kebab menu).

error_virus_detected_rcfi-tools-v0-1-zip
@DMacMakes
Copy link
Author

More info: I found the "Remediation" in "Windows Security -> Virus and threat protection", and it's taken exception to the RCFI Tools.bat file, having detected "Trojan:Win32/Vigorf.A". See the attached image for the full error.

image

@ramdany7
Copy link
Owner

Oh, yeah, I've never noticed it.
Yes, it looks like some antivirus programs, including Windows Defender, might flag the "RCFI Tools.bat" as a malicious program. It never happened to me before, but when I do the same thing as you do by downloading it from the GitHub repo using Chrome, it gets detected. I think probably it's because I own the files, and they originated from my PC, so Windows never scanned it, or it's automatically trusted because I tried to scan it manually, and it still was not detected.

However, in regards to this case, I don't know what to do. I think the batch file will always be suspected as 'malicious,' especially when it has a thousand lines with some suspicious activities like:

  • The shortcut function to search for the folder icon on the web/browser
  • The function to call and interact with other programs to convert and edit the images
  • The function to edit the registry to add the "Folder Icon Tools" to the Explorer context menu
  • The function to read, write, copy, and delete the config files and temporary files
  • The function to edit file attributes
  • Etc.

Those might look too suspicious to antivirus for a batch script/batch file to do all of that.
So the only solution is probably to make an exception manually through the program/antivirus that blocked it from running to allow it.

@ramdany7 ramdany7 closed this as not planned Won't fix, can't repro, duplicate, stale Dec 15, 2023
@ramdany7 ramdany7 reopened this Dec 15, 2023
@DMacMakes
Copy link
Author

Thanks for the response 🙏 Maybe it's something to add to the README down the line. Head off more questions/issues.

@ramdany7
Copy link
Owner

yes, i will add it to the README. thank you for reporting the issue and thank you for the ⭐star. really appreciate it. 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DMacMakes @ramdany7