Windows Defender flagged Free42 2.08...
12-27-2017, 07:23 AM
Post: #1
Windows Defender flagged Free42 2.08...
I just got Free42 2.08 and Windows Defender on Windows 64 bit Home edition flagged it as a Trojan...said the threat was severe. This is the first time Defender has flagged anything...I deleted it...Has anyone else had this issue?
12-27-2017, 08:27 AM
Post: #2
RE: Windows Defender flagged Free42 2.08...
Some more info....Defender did not flag the ZIP file...it flagged it when I unzipped the file...The exact file in question was the Free42 Decimal version file...I deleted it all and went back to the older 2.07c version...
12-27-2017, 08:32 AM
Post: #3
RE: Windows Defender flagged Free42 2.08...
Here is the name of the Trojan according to Defender...
Trojan:Win32/Azden.A!cl
12-27-2017, 09:40 AM (This post was last modified: 12-27-2017 09:44 AM by Massimo Gnerucci.)
Post: #4
RE: Windows Defender flagged Free42 2.08...
If you trust Defender... I prefer to trust Thomas.

It's easy to catch a false positive.
For your peace of mind try to submit it to https://www.virustotal.com

EDIT: Someone already submitted it to Virustotal today: 0/61, I think you can stay assured there's no trojan therein.

Greetings,
    Massimo

-+×÷ ↔ left is right and right is wrong
12-27-2017, 10:49 AM (This post was last modified: 12-27-2017 10:50 AM by pier4r.)
Post: #5
RE: Windows Defender flagged Free42 2.08...
(12-27-2017 09:40 AM)Massimo Gnerucci Wrote:  It's easy to catch a false positive.
This. Especially when the antivirus heuristic cannot figure out the threat from a file, it tries to be more negative than positive. (I.e.: "in doubt, flag it as bad")


Side note: Windows Defender is better than nothing, but it does not have a good reputation among system administrators. Now at home many may use Windows Defender (I have some PCs with no AV at all); in companies people choose other AV. https://www.av-test.org/en/antivirus/bus...ws-client/

Wikis are great, Contribute :)
12-27-2017, 11:31 AM
Post: #6
RE: Windows Defender flagged Free42 2.08...
(12-27-2017 10:49 AM)pier4r Wrote:  
(12-27-2017 09:40 AM)Massimo Gnerucci Wrote:  It's easy to catch a false positive.
This. Especially when the antivirus heuristic cannot figure out the threat from a file, it tries to be more negative than positive. (I.e.: "in doubt, flag it as bad")


Side note: Windows Defender is better than nothing, but it does not have a good reputation among system administrators. Now at home many may use Windows Defender (I have some PCs with no AV at all); in companies people choose other AV. https://www.av-test.org/en/antivirus/bus...ws-client/

We know Pier, we know...

But I wouldn't put Avast in the same list as others there.

Greetings,
    Massimo

-+×÷ ↔ left is right and right is wrong
12-27-2017, 02:07 PM (This post was last modified: 12-27-2017 02:15 PM by Thomas Okken.)
Post: #7
RE: Windows Defender flagged Free42 2.08...
Looks like a false positive. The zip file on my web site is not compromised (I compared it to the one in my build VM), but just to be sure, I did a full rebuild, uploaded it to my web site, downloaded it, compared it to the one I just built (everything fine so far), and then when I unzipped it, Free42Decimal.exe got blocked by Defender, while Free42Binary.exe did not.

I have no idea why it's doing that or what I can do about it.
You can just tell Defender "restore" or "run anyway," and you should be OK.

UPDATE: Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.
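The comparison described in post #7 (the published zip against the copy on the build machine), as an added example that is not part of the original thread or of Free42's build tooling. It hashes the archive and each file inside it, so a repacked archive can be told apart from one whose executables actually changed; the archive contents here are constructed stand-ins, and only the two file names come from the thread.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def member_digests(zip_bytes: bytes) -> dict:
    """SHA-256 of the uncompressed content of every file in the archive."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: sha256_hex(zf.read(i))
                for i in zf.infolist() if not i.is_dir()}


def compare_release(reference: bytes, downloaded: bytes) -> dict:
    """Compare a downloaded zip with the reference copy from the build machine."""
    ref, got = member_digests(reference), member_digests(downloaded)
    return {
        "archive_identical": sha256_hex(reference) == sha256_hex(downloaded),
        "missing": sorted(ref.keys() - got.keys()),
        "unexpected": sorted(got.keys() - ref.keys()),
        "modified": sorted(n for n in ref.keys() & got.keys() if ref[n] != got[n]),
    }


def make_zip(files: dict, compression=zipfile.ZIP_DEFLATED) -> bytes:
    """Build a constructed sample archive in memory (fixed timestamps)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            info = zipfile.ZipInfo(name, date_time=(2017, 12, 27, 0, 0, 0))
            zf.writestr(info, content, compress_type=compression)
    return buf.getvalue()


# Constructed stand-ins for the real executables; only the file names come from the thread.
FILES = {"Free42Decimal.exe": b"constructed decimal build",
         "Free42Binary.exe": b"constructed binary build"}
BUILT = make_zip(FILES)                          # copy kept on the build machine
REPACKED = make_zip(FILES, zipfile.ZIP_STORED)   # same files, different container bytes
ALTERED = make_zip({**FILES, "Free42Decimal.exe": b"constructed altered build",
                    "extra.dll": b"constructed extra file"})

if __name__ == "__main__":
    for label, candidate in (("same", BUILT), ("repacked", REPACKED), ("altered", ALTERED)):
        print(label, compare_release(BUILT, candidate))
```

The per-file digest from `member_digests` is also the value to look up on VirusTotal when only the unzipped executable is flagged, as happened here.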
12-27-2017, 02:29 PM
Post: #8
RE: Windows Defender flagged Free42 2.08...
(12-27-2017 02:07 PM)Thomas Okken Wrote:  Looks like a false positive. The zip file on my web site is not compromised (I compared it to the one in my build VM), but just to be sure, I did a full rebuild, uploaded it to my web site, downloaded it, compared it to the one I just built (everything fine so far), and then when I unzipped it, Free42Decimal.exe got blocked by Defender, while Free42Binary.exe did not.

I have no idea why it's doing that or what I can do about it.
You can just tell Defender "restore" or "run anyway," and you should be OK.

UPDATE: Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

As reported earlier no other antivirus flagged your executables as "risky".

Greetings,
    Massimo

-+×÷ ↔ left is right and right is wrong
12-27-2017, 03:21 PM (This post was last modified: 12-27-2017 05:33 PM by Thomas Okken.)
Post: #9
RE: Windows Defender flagged Free42 2.08...
(12-27-2017 02:07 PM)Thomas Okken Wrote:  Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

447476 files scanned, 0 threats found.

UPDATE: I reported the false positive to Microsoft. (No idea how long it takes from doing that to the virus definitions getting updated.)
12-28-2017, 01:14 AM
Post: #10
RE: Windows Defender flagged Free42 2.08...
(12-27-2017 03:21 PM)Thomas Okken Wrote:  
(12-27-2017 02:07 PM)Thomas Okken Wrote:  Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

447476 files scanned, 0 threats found.

UPDATE: I reported the false positive to Microsoft. (No idea how long it takes from doing that to the virus definitions getting updated.)

I agree it is a false positive...Perhaps it would be wise to put a note on the Free42 web site about this very issue...Not all who go there read this forum, and it would give a user the chance to ignore the warning from Defender and override it should they choose to.