Downloads flagged as virus and blocked (by Windows Defender/Chrome/Edge)

[clach04]

Downloading:

1. https://github.com/skeeto/w64devkit/releases/tag/v2.0.0
   • flagged as PUA:Win32/Packunwan
   • flagged as PUA:Win32/GameHack
2. https://github.com/skeeto/w64devkit/releases/tag/v1.23.0
   • flagged as Trojan:Win32/Vigorf.A

This results in a failed download, so I've not been able to check out the compiler setup.

I'm assuming these are false positives, but I can't download them successfully to upload to any other antivirus services to get more details.

I've not tried any other versions.

[grable0]

They are indeed false positives. In fact, most binaries on github get flagged by these "services" in one way or another.
One might think its intentional at this point...

If you cant disable the antivirus crap in your browsers, you could try a third party downloader (wget, curl, etc). That would at least give you the files.

[clach04]

They are indeed false positives. In fact, most binaries on github get flagged by these "services" in one way or another. One might think its intentional at this point...

Which services were you able to corroborate this is a false-positive on?

I've been fairly lucky so far that my binaries hosted on GitHub haven't triggered any (yet...) 🤞

If you cant disable the antivirus crap in your browsers, you could try a third party downloader (wget, curl, etc). That would at least give you the files.

I suspect Defender will likely kick on for those too 😿 . Will have to find time try this out again. cURL happens to be built-in these days to current Windows versions, so no need to download a separate tool :-)

I ended up downloading Strawberry Perl, it has been my go-to Windows C compiler distribution for a while (I almost never use the perl shipped with it 😆 ). I briefly tried out Zig this morning but it's not a great C compiler for me (waaay too hard to set up simple optimization flags)

[skeeto]

I did a fresh Windows 10 install to see how it stands these days. I could not reproduce problems downloading 2.0.0 with either Edge or Chrome. They Just Worked, no problems. However, I got the "Virus detected" notice (as usual with "security' software, its confidence is far too high for its messaging) on 1.23.0. If I go to the Defender "Protection history" page it lists a "Threat blocked" on which I can choose "Action > Allow" to let the download through, after which it only freaks out about the Mark of the Web (MotW) on the first run. In short, "Allow" the download through the "Protection history" system configuration page after it fails.

[grable0]

Which services were you able to corroborate this is a false-positive on?

I know of no way to verify a false positive other than looking at the source of the binaries they complain about, compiling them myself and running them through virus total. So while i didnt specifically verify it today, i did test the ones it complained about in previous releases, leading me to ignore those claims.

I've been fairly lucky so far that my binaries hosted on GitHub haven't triggered any (yet...) 🤞

Its an increasing problem for sure! Various tools ive been using for years suddenly have "viruses" in them, even though the binaries havent changed one bit!
Plus these "services" never say what they are actually detecting, just a spooky sounding name and "trust me bro!".

Funny how they seem to not like programming tools, debuggers, patchers and the like huh?