HP Forums

Full Version: Windows Defender flagged Free42 2.08...
I just got Free42 2.08 and Windows Defender on Windows 64 bit Home edition flagged it as a Trojan...said the threat was severe. This is the first time Defender has flagged anything...I deleted it...Has anyone else had this issue?
Some more info....Defender did not flag the ZIP file...it flagged it when I unzipped the file...The exact file in question was the Free42 Decimal version file...I deleted it all and went back to the older 2.07c version...
Here is the name of the Trojan according to Defender...
Trojan:Win32/Azden.A!cl
If you trust Defender... I prefer to trust Thomas.

It's easy to catch a false positive.
For your peace of mind try to submit it to https://www.virustotal.com

EDIT: Someone already submitted it to Virustotal today: 0/61, I think you can stay assured there's no trojan therein.
(12-27-2017 09:40 AM) Massimo Gnerucci wrote: It's easy to catch a false positive.
This. Especially when the antivirus heuristic cannot figure out the threat from a file, it tries to be more negative than positive. (i.e., "in doubt, flag it as bad")


Side note: Windows Defender is better than nothing, but it does not have a good reputation among system administrators. At home many may use Windows Defender (I have some PCs with no AV at all); in companies people choose other AV. https://www.av-test.org/en/antivirus/bus...ws-client/
(12-27-2017 10:49 AM) pier4r wrote:
(12-27-2017 09:40 AM) Massimo Gnerucci wrote: It's easy to catch a false positive.
This. Especially when the antivirus heuristic cannot figure out the threat from a file, it tries to be more negative than positive. (i.e., "in doubt, flag it as bad")


Side note: Windows Defender is better than nothing, but it does not have a good reputation among system administrators. At home many may use Windows Defender (I have some PCs with no AV at all); in companies people choose other AV. https://www.av-test.org/en/antivirus/bus...ws-client/

We know Pier, we know...

But I wouldn't put Avast in the same list as others there.
Looks like a false positive. The zip file on my web site is not compromised (I compared it to the one in my build VM), but just to be sure, I did a full rebuild, uploaded it to my web site, downloaded it, compared it to the one I just built (everything fine so far), and then when I unzipped it, Free42Decimal.exe got blocked by Defender, while Free42Binary.exe did not.

I have no idea why it's doing that or what I can do about it.
You can just tell Defender "restore" or "run anyway," and you should be OK.

UPDATE: Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.
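
The comparison described in the post above (published zip against the copy on the build VM), as an added example that is not part of the original thread or Free42's own tooling: it hashes the whole archive and each member's uncompressed content, so a mismatch can be pinned to a single file. The function names and the sample archive contents are constructed for illustration.

```python
import hashlib
import io
import zipfile


def member_digests(zip_bytes):
    """Map each file in a zip to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {info.filename: hashlib.sha256(zf.read(info)).hexdigest()
                for info in zf.infolist() if not info.is_dir()}


def compare_release(published_zip, build_zip):
    """Return (archives_identical, differing_members).

    Members are compared by content, so a repacked archive whose files are
    unchanged reports no differing members even though its bytes differ.
    """
    identical = hashlib.sha256(published_zip).digest() == hashlib.sha256(build_zip).digest()
    pub, ref = member_digests(published_zip), member_digests(build_zip)
    differing = sorted(n for n in pub.keys() | ref.keys() if pub.get(n) != ref.get(n))
    return identical, differing


def make_zip(files, method=zipfile.ZIP_DEFLATED):
    """Build an in-memory zip from {name: bytes}; only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            # Fixed timestamp so identical input yields identical archive bytes.
            info = zipfile.ZipInfo(name, date_time=(2017, 12, 27, 0, 0, 0))
            zf.writestr(info, data, compress_type=method)
    return buf.getvalue()


# Constructed sample data: placeholder bytes, not real Free42 binaries.
FILES = {"Free42Decimal.exe": b"decimal build " * 200,
         "Free42Binary.exe": b"binary build " * 200}
BUILD = make_zip(FILES)                                   # copy on the build VM
REPACKED = make_zip(FILES, method=zipfile.ZIP_STORED)     # same files, new container
ALTERED = make_zip({**FILES, "Free42Decimal.exe": b"something else"})

if __name__ == "__main__":
    for label, archive in [("download", BUILD), ("repacked", REPACKED), ("altered", ALTERED)]:
        print(label, compare_release(archive, BUILD))
```

A match only shows that the download equals the build output; it says nothing about why a scanner flagged the extracted file.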
(12-27-2017 02:07 PM) Thomas Okken wrote: Looks like a false positive. The zip file on my web site is not compromised (I compared it to the one in my build VM), but just to be sure, I did a full rebuild, uploaded it to my web site, downloaded it, compared it to the one I just built (everything fine so far), and then when I unzipped it, Free42Decimal.exe got blocked by Defender, while Free42Binary.exe did not.

I have no idea why it's doing that or what I can do about it.
You can just tell Defender "restore" or "run anyway," and you should be OK.

UPDATE: Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

As reported earlier no other antivirus flagged your executables as "risky".
(12-27-2017 02:07 PM) Thomas Okken wrote: Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

447476 files scanned, 0 threats found.

UPDATE: I reported the false positive to Microsoft. (No idea how long it takes from doing that to the virus definitions getting updated.)
(12-27-2017 03:21 PM) Thomas Okken wrote:
(12-27-2017 02:07 PM) Thomas Okken wrote: Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

447476 files scanned, 0 threats found.

UPDATE: I reported the false positive to Microsoft. (No idea how long it takes from doing that to the virus definitions getting updated.)

I agree it is a false positive...Perhaps it would be wise to put a note on the Free42 web site about this very issue...Not all who go there read this forum, and it would give a user the chance to ignore the warning from Defender and override it should they choose to.