nparse icon indicating copy to clipboard operation
nparse copied to clipboard

Published 20 hours ago verified publisher icon nomns

Windows Security Vulnerability?

Open verax606 opened this issue 5 years ago • 6 comments

So, I love me some nparse, and now I don't want to play without it! Windows Security just flagged mine as a threat, and quarantined it.

Threat Detected: Behavior:Win32/DefenseEvasion.WR!ml Alert Level: Severe Detail: This program is dangerous and executes commands from an attacker

It was running fine for the last week or so, until just about an hour ago for me.

Anyone else having issues?

verax606 avatar Feb 01 '20 18:02 verax606

Unfortunately, I make the executable with PyInstaller and having false positives is a known issue. If you don't feel safe white flagging the executable, you can run nparse from the source.

See the Virus Total results.

nomns avatar Feb 01 '20 19:02 nomns

Same problem here, so have white flagged the command in windows firewall but when running as administrator getting "windows cannot access the specified device path or file, you may not have the appropriate permissions to access the item"

Also tried running from source and am getting lots of similar messages to this when running python3.6 { "resource": "/e:/Users/paul/Downloads/nparse-0.5.1/nparse-0.5.1/nparse.py", "owner": "python", "code": "no-name-in-module", "severity": 8, "message": "No name 'QIcon' in module 'PyQt5.QtGui'", "source": "pylint", "startLineNumber": 7, "startColumn": 1, "endLineNumber": 7, "endColumn": 1 }

paulmac57 avatar Apr 05 '20 08:04 paulmac57

Needed to do :- pip install pyqt5 and pip install requests to get the source code working but still having permission problems with nparse.exe even when running as administrator

paulmac57 avatar Apr 05 '20 14:04 paulmac57

Interesting. I just setup a new dev environment for nParse and it installed requests. Also, I just downloaded the 0.5.1 (uhg, been way too long) release and once I allowed it through defender, it works without issue.

I am going to use this week (got some time off work finally) to get some stuff together for an update. Hopefully pyInstaller has fixed some of these false flags.

nomns avatar Apr 05 '20 16:04 nomns

Unfortunately, I make the executable with PyInstaller and having false positives is a known issue. If you don't feel safe white flagging the executable, you can run nparse from the source.

See the Virus Total results.

@nomns I am getting 21/72 engines flagging it as unsafe when uploading the file myself and using your link just FYI.

bigdaddy4747 avatar Apr 18 '20 20:04 bigdaddy4747

@bigdaddy4747 Yeah, those are the false positives.

nomns avatar Apr 20 '20 02:04 nomns