
Chrome, Windows Defender, and others flagging as virus #748

Open
PicantePeperoni opened this issue Jun 4, 2024 · 5 comments
Labels
OS: Windows This issue affects Windows users

@PicantePeperoni

Windows Defender flagged it as a Trojan in its latest quick scan and quarantined the exe and process. I assume that this is due to the hidden PowerShell changes, but it might not be.

During re-download, Chrome also blocked the file, so I checked the SHA256 and ran it through VirusTotal.

https://www.virustotal.com/gui/file/1704400cac8411fd98bdef3bdb4c116f1e561671b7f11f7de3e6d79e7a87f4a2/detection

Looks like false positives, but I wanted to make sure you are aware.

@davidnewhall
Contributor

davidnewhall commented Jun 4, 2024

Thanks for your report. Windows sucks. :) If I used it, I might be able to fix this junk.

And to be completely fair, this application is really no different than a trojan. It collects all your system data and sends it off to the Internet (for notifications). It also has a tunnel feature that allows incoming traffic to bypass most firewalls. This allows the website to interact with the clients. It's really all about trust, and these multi-billion-dollar corporations want you to believe they have your best interest in mind by asking if you really trust me. Toolbarr is even signed and throws similar warnings in Windows.

Getting Microsoft and Google to trust us may not be easy.

What are these 'hidden powershell changes' to which you referred?

@davidnewhall davidnewhall added OS: Windows This issue affects Windows users labels Jun 4, 2024
@PicantePeperoni
Author

That's what I assumed also, and thank you for the details.

For the hidden PowerShell, I was referring to the match with the Sigma rule:
"Matches rule Non Interactive PowerShell Process Spawned by Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) at Sigma Integrated Rule Set (GitHub)
Detects non-interactive PowerShell activity by looking at the "powershell" process with a non-user GUI process such as "explorer.exe" as a parent."

While I had warnings with previous versions of the software during download, it wasn't until v0.7.3 (May 29, 2024) that Windows Defender took action and quarantined the process and exe. I thought I had seen a release note that this version switched to a background cmd prompt, but I could be wrong about that.
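To make the Sigma match quoted above concrete from the triage side, here is an added example (not code from this project, from VirusTotal, or from the Sigma rule set) that applies the same idea to process-creation events: flag powershell.exe/pwsh.exe whenever its parent is not an interactive shell such as explorer.exe, then list which parent applications did the spawning so a responder can see whether the match is expected behaviour of an installed app or something worth escalating. The event lines, paths and the "ExampleApp" program are constructed for the demonstration, and the filtered-parent list (explorer.exe plus CompatTelRunner.exe) is my approximation of the rule's allowlist, not a verbatim copy.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed process-creation events in a simple key=value form.
# These are NOT real Sysmon or VirusTotal sandbox output; every path,
# pid and program name below is illustrative.
SAMPLE_EVENTS = """\
pid=101 image=C:\\Windows\\explorer.exe parent=C:\\Windows\\System32\\userinit.exe cmd="explorer.exe"
pid=202 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe parent=C:\\Windows\\explorer.exe cmd="powershell.exe"
pid=303 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe parent=C:\\Program Files\\ExampleApp\\exampleapp.exe cmd="powershell.exe -NoProfile -Command Get-Volume"
pid=404 image=C:\\Program Files\\PowerShell\\7\\pwsh.exe parent=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE cmd="pwsh.exe -w hidden -enc SQBFAFgA"
pid=505 image=C:\\Windows\\System32\\cmd.exe parent=C:\\Program Files\\ExampleApp\\exampleapp.exe cmd="cmd.exe /c ver"
pid=606 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe parent=C:\\Windows\\System32\\CompatTelRunner.exe cmd="powershell.exe -File telemetry.ps1"
"""

# Image names that count as "PowerShell" for the rule.
POWERSHELL_IMAGES = ("\\powershell.exe", "\\pwsh.exe", "\\powershell_ise.exe")

# Parents for which a PowerShell child is considered interactive/expected.
# explorer.exe is the user's desktop shell; CompatTelRunner.exe is assumed
# here as a known Windows telemetry launcher. This list approximates the
# Sigma rule's filter and is an assumption of this example.
FILTERED_PARENTS = ("\\explorer.exe", "\\compattelrunner.exe")

_EVENT_RE = re.compile(r'^pid=(\d+) image=(.+?) parent=(.+?) cmd="(.*)"$')


@dataclass(frozen=True)
class ProcessCreate:
    pid: int
    image: str
    parent_image: str
    command_line: str


def parse_event(line: str) -> Optional[ProcessCreate]:
    """Parse one constructed key=value line; return None if it does not match."""
    m = _EVENT_RE.match(line.strip())
    if not m:
        return None
    pid, image, parent, cmd = m.groups()
    return ProcessCreate(int(pid), image, parent, cmd)


def is_non_interactive_powershell(ev: ProcessCreate) -> bool:
    """True when the child is PowerShell and the parent is not an allowlisted shell.

    Matching is case-insensitive on the path suffix, as Sigma 'endswith' is on Windows.
    """
    if not ev.image.lower().endswith(POWERSHELL_IMAGES):
        return False
    return not ev.parent_image.lower().endswith(FILTERED_PARENTS)


def scan_events(text: str) -> List[ProcessCreate]:
    """Return every event in the text that the rule would flag, in input order."""
    flagged = []
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is not None and is_non_interactive_powershell(ev):
            flagged.append(ev)
    return flagged


def spawning_parents(flagged: List[ProcessCreate]) -> List[str]:
    """Distinct parent executable names behind the matches, sorted for the triage note."""
    names = {ev.parent_image.rsplit("\\", 1)[-1] for ev in flagged}
    return sorted(names)


if __name__ == "__main__":
    hits = scan_events(SAMPLE_EVENTS)
    for ev in hits:
        print(f"pid={ev.pid} parent={ev.parent_image} cmd={ev.command_line}")
    print("spawning parents:", spawning_parents(hits))
```

On the constructed input the rule fires twice: once for the installed application launching PowerShell non-interactively (the pattern the VirusTotal report attributes to this project), and once for the Office document launching a hidden, encoded pwsh. The rule cannot tell these apart on its own; the parent name and command line are what let a responder decide, which is why a Sigma match in a sandbox report is a behaviour observation rather than a verdict.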

@davidnewhall
Contributor

This version removed the 'background' command/terminal window. It now acts like a GUI-only process in the eyes of Windows.

@PicantePeperoni
Author

Makes sense. I was trying to draw a pattern between this update and Windows. All of the old version EXEs are in that same folder and Windows Defender doesn't have any problem with them. But maybe Defender updated its definitions and maybe that's why. Only Windows knows what it does; we can only guess.

@davidnewhall
Contributor

I'll close this when I sign the Windows exe file and remove the nasty Microsoft warnings.
