v1.6.2 is showing viruses/trojans by several virus scanners #277
Comments
Well, maybe if I change the behaviour of the installer not to enable RDP by default after installation, it will be more secure, and those AVs would be quieter.
It's the behavior of the installer that is triggering the problem. The installer is a newly installed program that goes and downloads an INI or DLL, right? (Or anything over TLS.) Well, that is malicious behavior (at least that is how antivirus vendors see it). Digitally sign the installer with a code signing certificate. Then you can contact each antivirus vendor individually and request that your signature is added to a whitelist. Alternatively: don't download stuff off the web right away. Do auto-update-like behavior and wait a week before you start downloading resources. This requires that everything is bundled in the installer, however.
Why not just package the DLLs/INIs with the installer instead of having them downloaded when the installer is run? In any case, I cannot even get v1.6.1 to download via Chrome, and if I download with another browser, our corporate AV solution flags it and deletes it, and then a ticket gets opened and an investigation is launched. I can have them whitelist the hash, but that would require at least a couple of hours of someone's time to verify in a sandbox that the tool is safe. I'm sure many others are facing the same issues as I am.
They are already built in. Online installation is an optional feature and controlled by command-line arguments.
If you made enabling RDP a checkbox option, I wonder if that would get around some of it as well.
Edit: nvm, sorry for triggering notifications; I totally missed that it is mentioned in the last sentence of the first post. Also flagged by current stable Chrome on Windows as a malware/malicious download. Maybe you can file a
(There is no exception for unsigned programs … it's the certificate that is excluded, not the software.)
Any update on this? Chrome is still blocking the download.
In Chrome, after the download refuses to start, click "Show All" and there click "Keep anyway".
So, when downloading 1.6.1, Chrome blocked it. However, I went to Settings >> Downloads and was able to get Chrome to download it. However, when I tried to install it, my malware detector, Bitdefender, also blocked it. Can you confirm that the download and install is safe?
How can I do it? It's a matter of trust, since you're downloading it from the official repo (https://github.com/stascorp/rdpwrap/releases). If you don't trust the binaries, you'll need to build it from source. If you don't trust the code, I don't know how to help you.
@binarymaster you can provide a sha256sum or, better still, you can provide a .sig file using a GPG key, and provide your GPG key's fingerprint for verification. There are still trust issues, but if you establish a good reputation with a GPG key, then it can be very much worthwhile. You can also create an account at keybase.io and verify your GitHub account through that, as well as verify your GPG key; then provide details of your fully verified keybase.io account.
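What the verification the comment above asks for looks like on the user's side, as an added example that is not part of this thread and not code from the rdpwrap project: a POSIX shell script that checks a downloaded release against a published SHA256SUMS file and, when the maintainer also ships a detached GPG signature over that file, checks the signature against a key pinned by its out-of-band fingerprint. The file names, the SHA256SUMS layout (the `<hex>  <name>` lines that `sha256sum` writes), the fingerprint argument and the availability of `sha256sum` and `gpg` are all assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the rdpwrap project. Verifies a release download
# against a maintainer-published SHA256SUMS file and, optionally, a detached
# GPG signature over that file from a key pinned by fingerprint.
# File names, SHA256SUMS format and the expected fingerprint are assumptions.
set -eu

# verify_sha256 FILE SUMSFILE
#   0 when FILE's SHA-256 matches its entry in SUMSFILE, 1 on mismatch,
#   2 when SUMSFILE carries no entry for FILE's base name.
verify_sha256() {
  file=$1
  sums=$2
  name=$(basename "$file")
  actual=$(sha256sum "$file" | awk '{print $1}')
  # Accept both "<hex>  name" and the binary-mode form "<hex> *name".
  expected=$(awk -v n="$name" '{ f=$2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")
  if [ -z "$expected" ]; then
    echo "verify_sha256: no entry for $name in $sums" >&2
    return 2
  fi
  if [ "$actual" != "$expected" ]; then
    echo "verify_sha256: MISMATCH for $name" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
  fi
  echo "verify_sha256: OK $name"
  return 0
}

# verify_gpg SIGFILE SUMSFILE PUBKEYFILE EXPECTED_FPR
#   Imports PUBKEYFILE into a throwaway keyring, requires that the imported
#   key's fingerprint equals EXPECTED_FPR (obtained out of band, e.g. from the
#   maintainer's verified keybase.io profile), then verifies the detached
#   signature SIGFILE over SUMSFILE.
#   0 on a good signature from that key, 1 on a bad or unverifiable signature,
#   2 on fingerprint mismatch, 3 when gpg is not installed.
verify_gpg() {
  sig=$1
  sums=$2
  pubkey=$3
  want_fpr=$(printf '%s' "$4" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
  command -v gpg >/dev/null 2>&1 || { echo "verify_gpg: gpg not installed" >&2; return 3; }
  ring=$(mktemp -d)
  chmod 700 "$ring"
  gpg --batch --quiet --homedir "$ring" --import "$pubkey" 2>/dev/null
  have_fpr=$(gpg --batch --homedir "$ring" --with-colons --fingerprint 2>/dev/null \
             | awk -F: '$1 == "fpr" { print $10; exit }')
  if [ "$have_fpr" != "$want_fpr" ]; then
    echo "verify_gpg: key fingerprint $have_fpr does not match expected $want_fpr" >&2
    rm -rf "$ring"
    return 2
  fi
  # The key is pinned by fingerprint above, so web-of-trust warnings add nothing.
  if gpg --batch --homedir "$ring" --trust-model always --verify "$sig" "$sums" 2>/dev/null; then
    rc=0
    echo "verify_gpg: OK signature on $sums by $have_fpr"
  else
    rc=1
    echo "verify_gpg: BAD or unverifiable signature on $sums" >&2
  fi
  rm -rf "$ring"
  return $rc
}

# verify_release FILE SUMSFILE [SIGFILE PUBKEYFILE EXPECTED_FPR]
#   The hash check runs first; the signature covers SUMSFILE, not FILE, so a
#   good signature says nothing about a FILE whose hash does not match.
verify_release() {
  verify_sha256 "$1" "$2" || return $?
  if [ $# -ge 5 ]; then
    verify_gpg "$3" "$2" "$4" "$5" || return $?
  fi
  return 0
}
```

Usage: `verify_release RDPWrap-v1.6.2.zip SHA256SUMS SHA256SUMS.sig maintainer.asc 'AAAA BBBB ...'`. The point of the fingerprint argument is that a `.sig` alone proves only that *some* key signed the file; the user has to learn the maintainer's fingerprint from a channel other than the release page (the verified keybase.io profile the comment suggests) for the check to mean anything.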
Are you having trouble with GPG? Or maybe you are worried that taking rdpwrap off the malware list will make you a riper target for the M$ legal department?
@distinguished-git unfortunately I have no free time to work on that.
The latest version has triggered even more virus alerts on VirusTotal. It has now risen from 15 to 19, with some of the most commonly installed AV suites blocking RDP Wrapper, including, as said above, Google Chrome. It is a superb utility and we need to assist binarymaster in getting it in a format that does not trigger such serious trojan and malware warnings.
Just for curiosity's sake I rechecked all binaries in the release, here are the results:
The problem, Binarymaster, is that those 18 anti-malware scanners are among the most popular products, and it leaves a huge number of users unable to install the files or try to create a quarantine exception.
Since the project is targeted at system administrators and experienced users, this is not so huge. |
I think the issue is the virus scanners you are using. Where is the virus that binarymaster snuck in? Go look at the source code that he has kindly provided and show it to me! Most of the complainers are just trying to get hits on the search engines so people will stop using this. Who do these complainers work for? Microsoft or an affiliate? I have personally downloaded and compiled the source, which is how I am using this package. If you are concerned, then do it that way. binarymaster is not getting paid!
@asulwer, stop accusing people of working for someone etc. People aren't "complaining", they are just "asking" if there's a possibility to have this awesome tool be easier to use for the layman who isn't proficient in excluding or bypassing their AV. But as binarymaster correctly pointed out, this project is targeted at experienced users and it'll take too long for him to work on this issue. But the community can certainly try to help by reporting this as a false positive to the AV vendors.
To confirm what Asulwer just stated: nobody is complaining, and we all agree it's a superb utility. We also all agree that the virus scanners (18 out of 66 of them) are being far too sensitive to some aspect of the program and generating a false positive. Those 18 are some of the main anti-virus programs. The idea is to see if we can assist by either flagging it as a false positive with each individual software provider or helping with another aspect in the coding or DLLs.
Bitdefender flagged 5 files:
I easily whitelisted the first 3. And it categorized all those files like this:
@EliezerBee You'll need to add a parent directory to the exclusion list. Added folders exclude all nested files and directories.
I would be afraid to just whitelist these:
essentially saying any malware that deposited files anywhere therein has a green light. Wouldn't you agree that's highly risky?
Are you trying to automate the install process? If so, run a script that finds the exact absolute path and whitelist only that. If you're not automating, do this work by hand and whitelist the full path again.
No, I'm not trying to script or automate anything. I'm simply trying to whitelist RDPWrap on one computer so that Bitdefender doesn't attack RDPWrap with every scan. It deleted the files from these two locations:
I had trouble manually copying the files back there, due to permissions. Should I change the permissions and copy the files back there? Are these even valid paths ("2d0161" and "{37ea...}") for me to whitelist?
Honestly, I don't know. I'm just an end user and I also don't use Windows Defender, so I've never actually run into the problem you mentioned. This problem is not specific to this project. I recommend looking for help on Google or YouTube. Other people must have the same problem.
Understood, and you're correct.
This would be a great idea, actually. That's easy enough to document and for users of RDPWrap to do. And it would make people calmer, since every AV wouldn't be alarming.
While I do not speak for Microsoft, this was a very active targeted detection by Microsoft, and they raised (falsely) the detection to the highest level. So, you can try to hide, just realize that Microsoft is targeting this. With that said, they had to go "out of their way" a bit to make it so. In other words, it took some effort for Microsoft to do this work. My guess is that other AVs are merely following... (I mean, you wouldn't want to be the one AV that doesn't detect a very high level (highest) security problem).
OK, let's say it's Microsoft targeting RDPWrap. But most RDPWrap users are also running AV solutions. So why not put everyone at ease by making the small change of not enabling RDP as part of the installation? If we could eliminate all the alarming AVs, RDPWrap users would be happier.
My point is, the problem isn't necessarily going to "go away", as Microsoft has RDPWrap (specifically) in its sights. They'd love to dismantle all others as well, but the big #1, if all else fails, is to ensure that RDPWrap is stopped, by force or by "implied" force by scaring the pants off the end user. The "trickier" that RDPWrap becomes, sadly, means the more "virus-like" it may appear.... but I'm not the developer. Would welcome a return to what "was"... just not sure it's possible.
Malwarebytes is still showing a virus detected. So, is this file infected or safe?
WARNING: If you see rdpwrap.ini with the letter b at the end of the update date, then this INI activates the backdoor (needs to be checked!). If the letter is a, then the backdoor is completely disabled (needs to be checked). I do not guarantee the truth.
What absolute nonsense!
The app stopped working after installing Bitdefender, and the antivirus application keeps blocking me from downloading a new one. I can't find any option to bypass this restriction.
15/58 virus scanners are showing malware in this package. In v1.6, they also showed 5/58. Something shady is going on with this package. See virus scanning results here:
https://www.virustotal.com/en/file/fed08bd733b8e60b5805007bd01a7bf0d0b1993059bbe319d1179facc6b73361/analysis/1498759251/
Some of these look like they are specifically detecting rdpwrap, but some look like they are detecting WisdomEyes and other malware.
Also, the latest version of Chrome on Windows refuses to download v1.6.1 saying that it is "dangerous". It does download v1.6 just fine though.