AV False Positives (Malware, Riskware, Adware, Virus, Trojan and other BS) #27
Comments
I can't afford a signing certificate so it's not going to happen. You are free to validate it's not dangerous as source code and build pipelines are completely open and transparent.
What is the cost of a signing certificate?
Kaspersky and Sophos both left BT undetected for me, seems it might be a Microsoft specific issue.
it's totally random and changes daily ;)
Windows Defender (Win 11) just flagged bt-3.5.2 as "threats found" for me. Detected: Program:Win32/Wacapew.C!ml
Same thing here, BT 3.5.2 was flagged by Microsoft Defender as PUA. It's possible to send files to Microsoft for further analysis: https://www.microsoft.com/en-us/wdsi/filesubmission/ – I urge you to do it if you are affected.
I have used this before, and just submitted the latest version as "incorrectly identified as malware". Will let you know on progress.
Analysis on the above is still pending but some detections have already cleared out.
It keeps getting deleted even when excluded from scans... I have to reinstall it every few days.
There are 2 different .zip files. A pdb version which downloads fine and a non-pdb version that doesn't. What's the difference between the 2?
The .pdb version is debug symbols to investigate crashes, you don't need that.
You can permanently allow the "threat" until MS investigates. There are instructions available here.
I have been doing that since the start, but it doesn't stick. That's why I notified you that currently it is allowed and working properly, but it crashes when trying to find updates... I am simply informing you of this, but it is alright if you are unable to resolve these.
@neoOpus thanks. Update checks are already fixed and will be out in v3.6. Defender does not block it anymore.
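The comments above describe allowing the binary in Defender by hand and then finding that the exclusion "doesn't stick" after a new release. The following is an added example, not Browser Tamer project code and not the instructions linked in the thread: a PowerShell script (run elevated, on a Windows machine using Microsoft Defender) that verifies the downloaded `bt.exe` against a hash you trust before allowlisting it, reports what Defender actually detected, adds the exclusion, and checks that it is in place. The install path and the expected SHA-256 are placeholders you must supply yourself; the hash on the VirusTotal page cited later in this thread belongs to one specific release and is not necessarily the one you downloaded.

```powershell
# Added example (not Browser Tamer project code). Run in an elevated PowerShell
# session. Path and expected hash are placeholders; adjust to your install.
param(
    # Hypothetical install location of bt.exe; change to where yours lives.
    [string]$BtExe = "$env:LOCALAPPDATA\Programs\bt\bt.exe",
    # SHA-256 you trust for this exact release, e.g. from your own build of the
    # GitHub Actions pipeline or from the VirusTotal entry for this version.
    [string]$ExpectedSha256 = ""
)

# 1. Make sure the file on disk is the release you meant to download.
#    Never allowlist a binary whose hash you have not checked.
if (-not (Test-Path $BtExe)) {
    Write-Warning "$BtExe not found; Defender may already have quarantined it."
    Write-Warning 'To list/restore quarantined items: "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll'
} else {
    $actual = (Get-FileHash -Path $BtExe -Algorithm SHA256).Hash
    Write-Host "SHA-256 of ${BtExe}: $actual"
    if ($ExpectedSha256 -and ($actual -ne $ExpectedSha256.ToUpperInvariant())) {
        throw "Hash mismatch: expected $ExpectedSha256, got $actual. Do not allowlist this file."
    }

    # 2. Authenticode status. Releases are unsigned per this thread, so expect
    #    'NotSigned'; a 'Valid' result would mean a signed build.
    $sig = Get-AuthenticodeSignature -FilePath $BtExe
    Write-Host "Authenticode status: $($sig.Status)"
}

# 3. Show what Defender flagged: detection time, whether the action succeeded,
#    the threat name (e.g. Program:Win32/Wacapew.C!ml) and the affected path.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'bt(\.exe|-\d)' } |
    Select-Object DetectionID, InitialDetectionTime, ActionSuccess, Resources,
        @{ Name = 'ThreatName'; Expression = { (Get-MpThreat -ThreatID $_.ThreatID).ThreatName } } |
    Format-List

# 4. Exclude the file from scanning and its process from real-time behaviour
#    monitoring. An exclusion does not undo a quarantine already applied, and it
#    applies to this file only: each new release is a different binary with a
#    different hash, so repeat steps 1 to 5 after every upgrade.
Add-MpPreference -ExclusionPath    $BtExe
Add-MpPreference -ExclusionProcess $BtExe

# 5. Confirm the exclusion is actually recorded (the thread reports it not
#    sticking; this is the check to run when that happens).
$pref = Get-MpPreference
if (($pref.ExclusionPath -contains $BtExe) -and ($pref.ExclusionProcess -contains $BtExe)) {
    Write-Host "Exclusion present for $BtExe"
} else {
    Write-Warning "Exclusion missing; policy (GPO/Intune/tamper protection) may be overriding local settings."
}
```

Step 3 is the useful part when opening a false-positive ticket: the threat name and detection time are exactly what the Microsoft submission form asks for. Step 5 distinguishes a local exclusion that was silently dropped by management policy from one that is present but bypassed, which is a different problem to report.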
By the way, I reported the false positive to Avast (which also includes AVG), so VT now reports only 11 false positives. According to their reply, they reclassified BT from malware to PUA, since apparently it doesn't match their "clean software policy" (which, surprisingly, claims signing is preferred but not required).
@jnv I have raised the Avast issue separately yesterday, and the classification is cleared completely.
Also submitted a dispute to McAfee now.
And just for fun to Malwarebytes.
So far, it worked and I didn't have any issue :)
Unfortunately we're back to 24 false positives for the v3.6.2 installer. Today even Microsoft Defender took down my locally compiled version.
Microsoft seems to be happy, but others are not. It will help in the long term to vote on the VirusTotal community webpage: https://www.virustotal.com/gui/file/7273f03b70a07ab0e1cf96aa4702587ea850b72efbdeef4690bf44bb3edd295b/community
10 today.
It seems Microsoft doesn't like the latest version as it has been automatically removed from my PC by Windows Defender.
Same here, looks like Microsoft needs a ticket for every new version to allowlist it again.
I think if it was in Dotnet or another IL language it wouldn't have so many troubles, because it is much easier to analyze than the pure x86 instruction set.
Yeah, but it would also be super slow and at least x100 bigger in download size and RAM.
Not only the latest, also 1 or 2 previous - it broke, I installed a newer one (deactivated the antivir) but at some point it reactivated... It actually breaks opening links if BT is set as the default handler for hyperlinks. Typical Microsoft -.- Can we whitelist it manually? Or do we need to do that for every version as well? Edit: Going into the Defender history and reverting + adding a manual entry for
Is https://github.com/mortenn/BrowserPicker , for example, slow and bloated for you?
From what I understand from this talk about Windows - BlueHat IL 2023 - David Weston - Default Security
I downloaded version 4.0.2 today
Please finish your thought ;)
Browser Tamer by design needs to intercept links to work; this sometimes sets off the real-time behavioral analysis of AV engines. When triggered, most AVs will decide whether it's malware based on reputation and manual review. Obviously Browser Tamer is a small project with not a lot of users in the grand scheme of things, so the reputation is going to be low. Microsoft has already whitelisted versions of Browser Tamer after being submitted for manual review. Browser Tamer releases are built using GitHub Actions, and of course you can build it yourself too.
I choose consciously and accept the possible risks, but others, seeing the scale, may give up at the very beginning.
If anyone knows how to contact "Sangfor" (Chinese company) to submit a false positive report please let me know.
Have you tried using the website: https://www.sangfor.com/about-us/contact-us
Thanks @dmocha, trying this one.
Maybe they will be more responsive if you contact them via their social media (https://x.com/SANGFOR)
@neoOpus seems like you have to be a premium user to contact them on eX-Twitter.
I tried but maybe it is just like you said... I will keep you updated if they reply.
This is THE FIRST TIME we have ZERO virus detections! I'm not sure what you did @neoOpus but it seems to have worked!
👍 Now it would be useful to do the same with the bt.exe file, because the file sent to VT indicates two threats.
@dmocha only Chinese AV companies seem to complain ;)
After reinstalling Windows and configuring Bluetooth, MS Defender removed it after identifying it as malware (I didn't have time to add it to a whitelist)
Please figure out why it's happening and get it signed now. Even if it's free, some people might not like using it because it might scare them or be taken off their computers.