
Releases page flagged as Unwanted Software by Google Safe Browsing

Open makuhlmann opened this issue 3 years ago • 30 comments

Describe the request: The releases page of this repo has been flagged as malicious by Google, resulting in a big red warning in Chrome and Firefox (possibly other browsers too). As a result, downloads are blocked as well and need to be allowed manually.


Desktop (please complete the following information):

  • OS: Any
  • Build: Any

Additional context: Related:

  • https://geekflare.com/tools/tests/3o910hetl
  • https://twitter.com/christitustech/status/1553445177221586947

makuhlmann avatar Jul 31 '22 12:07 makuhlmann

Can confirm. I had to update and this error popped up, after clicking "ignore the risk", and downloading the exe, Firefox flagged it (the exe) as harmful and may contain viruses or whatever.

SpaghettDev avatar Jul 31 '22 15:07 SpaghettDev

I go on vacation for 4 days and apparently this is what I come back to. Whoo.

rcmaehl avatar Jul 31 '22 23:07 rcmaehl

https://github.com/rcmaehl/MSEdgeRedirect/releases is blocked

https://github.com/rcmaehl/MSEdgeRedirect/releases/ is not

I honestly don't know what to make of this

@ChrisTitusTech I've already replied to twitter but sorry that you got caught in the crossfire.

rcmaehl avatar Aug 01 '22 01:08 rcmaehl

Looks like @isaak654 and Sandboxie-Plus had the same issue a while ago. I'm going to review the install/uninstall process to see if that can improve things.

rcmaehl avatar Aug 01 '22 03:08 rcmaehl

I was able to bombard YouTube via Twitter, and the strike was reversed. Still a bit of a bummer for an awesome project. It's not the creator's fault, just Google's algo going wonky.

ChrisTitusTech avatar Aug 01 '22 04:08 ChrisTitusTech

TODO:

  • [x] #65. Pretty sure the installer/uninstaller leaves behind some registry entries. Let's get those cleaned up.
  • [x] Discontinue directly offering x86 builds. Will still be available in the .zip. x86 has been ~5% of total downloads (5,845 of 110k). Generally receives 2-4x the AV false positive rate of x64.
  • [x] Archive old releases. Especially pre-0.5.0.1 due to security advisory. The fewer AV false positives on the releases page, the better.
  • [ ] Swap to own logo. Stop using a modified Microsoft Edge logo to prevent any Intellectual Property issues.
  • [ ] Add Webdriver option. Mix between IEFO and Service Mode. https://github.com/Danp2/au3WebDriver https://msedgedriver.azureedge.net/<version>/edgedriver_win<arch>.zip
  • [ ] Code Signing Cert. While an EV code signing cert would be preferred, it is a large chunk of change. A regular $100ish/yr cert will do fine in the meantime.

rcmaehl avatar Aug 01 '22 16:08 rcmaehl

Actions taken so far:

  • Jul 31: Updated all internal links to use /releases/
  • Jul 31: Filled out the Safe Browsing False Positive form. Although this seems to be only for phishing.
  • Aug 1: Discontinued direct x86 build links for releases.
  • Aug 1: Contacted GitHub Support to see if they could file a review for Security Issues. GitHub support ticket #1726178
  • Aug 1: Contacted Google through the Report A Security Issue form Sandboxie Plus found. Case ID [5-8504000032703]
  • Aug 1: Contacted Graphic Artist for new logo design
  • Aug 1: Received preliminary draft for new logo design
  • Aug 2: Received response Google could not verify ownership. Responded with proof of ownership and advised further on the content.
  • Aug 3: Cleaned up leftover registry key if no other software created by me is installed
  • Aug 4: Google directed me to GitHub Support as well as Search Central Community.
  • Aug 4: Uploaded New Logo base to GitHub. Working on new logo using base, along with other assets.
  • Aug 5: Continued drafts for updated Logo with Graphic Artist
  • Aug 6: Removed old assets from Releases
  • Aug 6: Removed nightly.link from Releases page
  • Aug ?: Submitted Web False Positive to Avira per VirusTotal Detection
  • Aug 16: Fixed issue with WinGet keeping old packages
  • Aug 16: Added option to installer to Submit False Positive
  • Aug 18: Avira removed Releases page from their Blacklist per VirusTotal
  • Sep 11: Removed from Google Safe Browsing Blacklist

Continuation:

  • Oct 27(ish): Entire repo added to Google Safe Browsing Blacklist
  • Oct 27: Filled out the Safe Browsing False Positive form.
  • Oct 27: Re-added the option to quick submit the project as a false positive after installation to release 0.7.2.0, deselected by default.
  • Oct 31: Filed False Positive with Fortinet
  • Nov 1: Removed from Fortinet Blacklist
  • Nov 1: Removed from Google Safe Browsing Blacklist!

rcmaehl avatar Aug 03 '22 21:08 rcmaehl

I think it may be probably due to this issue plaguing GitHub recently https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/

gnpaone avatar Aug 04 '22 04:08 gnpaone

@micwoj92 Any way to have a new release remove assets from old releases during github actions CI?

rcmaehl avatar Aug 06 '22 22:08 rcmaehl

No idea. I have quickly looked and there are a couple of "delete assets" actions on GitHub Marketplace with various degrees of feature richness and configurability.

micwoj92 avatar Aug 07 '22 07:08 micwoj92

> No idea. I have quickly looked and there are a couple of "delete assets" actions on GitHub Marketplace with various degrees of feature richness and configurability.

Yeah, saw those. Just wanted your opinion since a lot of them don't show a lot of usage.

rcmaehl avatar Aug 07 '22 16:08 rcmaehl

Same problem with Firefox, both when opening page and when opening the .exe file.

t0rzz avatar Aug 09 '22 19:08 t0rzz

Reported a false positive and thank you. This so works. I can finally use search.

justadudeongithub avatar Aug 10 '22 21:08 justadudeongithub

Can we get a new release soon? The old file is still flagged, making it unable to install on business hardware :C

AgainPsychoX avatar Aug 12 '22 06:08 AgainPsychoX

> Can we get a new release soon? The old file is still flagged, making it unable to install on business hardware :C

Yep. Will be prioritizing getting a new Webdriver based mode added this weekend and hopefully have 0.7.1.0/0.8.0.0 out.

rcmaehl avatar Aug 12 '22 13:08 rcmaehl

Webroot also reports this as a threat.

farcepest avatar Aug 18 '22 15:08 farcepest

> Webroot also reports this as a threat.

Submitted a support ticket

rcmaehl avatar Aug 18 '22 15:08 rcmaehl

It's like security and AVs are going backwards, to the 90's whitelist by hand trash. Ain't a low number of FPs equally important to detection rates?! Cause I can block everything myself without their cloud, AI, heuristics, ATP and dozens more buzzwords

Yesterday Defender started FP my scripts. FFS! I went powershell-less once, now vbs-less. Relevant part is now just cmd. And flashing window 👎 Frankly, it's unacceptable. "Smart Screen", "Safe Browsing" are nothing but corporate bully tools. Good luck to you!

AveYo avatar Aug 20 '22 02:08 AveYo

> Frankly, it's unacceptable. "Smart Screen", "Safe Browsing" are nothing but corporate bully tools. Good luck to you!

Yep, you as well!

rcmaehl avatar Aug 20 '22 02:08 rcmaehl

I just now realized... Isn't that Microsoft being just rude and spam-reporting the software?

AgainPsychoX avatar Sep 03 '22 17:09 AgainPsychoX

> I just now realized... Isn't that Microsoft being just rude and spam-reporting the software?

No clue honestly. It definitely FEELS that way as only a specific URL is blacklisted despite being accessible multiple ways.

https://github.com/rcmaehl/MSEdgeRedirect/releases is blocked

https://github.com/rcmaehl/MSEdgeRedirect/releases/ is not

Despite being the EXACT SAME PAGE.

But I'll hold onto Hanlon's razor for now.

rcmaehl avatar Sep 03 '22 17:09 rcmaehl
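
The `/releases` versus `/releases/` observation above is consistent with how Safe Browsing's documented lookup scheme works: a client hashes a set of host-suffix/path-prefix expressions for each URL, and the two spellings produce different sets. The sketch below is an added example, not part of the thread or the project; it skips full URL canonicalisation, and the list entries are constructed assumptions, not data from Google.

```python
import hashlib
from urllib.parse import urlsplit

def lookup_expressions(url):
    """Host-suffix/path-prefix expressions a Safe Browsing client checks.

    Simplified: expects an already-canonical URL with a DNS hostname
    (no IP literal, percent-escapes or dot segments to normalise).
    """
    parts = urlsplit(url)
    host, path = parts.hostname, parts.path or "/"
    # Exact host, then the last five labels with leading labels dropped
    # one at a time; the bare top-level domain is never tried.
    tail = host.split(".")[-5:]
    hosts = [host] + [".".join(tail[i:]) for i in range(len(tail) - 1)]
    # Exact path with query, exact path, then up to four directory
    # prefixes built from the root, each ending in "/".
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    prefix = "/"
    paths.append(prefix)
    for segment in path.split("/")[1:-1][:3]:
        prefix += segment + "/"
        paths.append(prefix)
    # Duplicates (e.g. exact path == last prefix) are dropped, order kept.
    return list(dict.fromkeys(h + p for h in hosts for p in paths))

def full_hash(expression):
    return hashlib.sha256(expression.encode()).digest()

def matches(url, listed_hashes):
    """Return the expressions of url whose SHA-256 is on the local list."""
    return [e for e in lookup_expressions(url) if full_hash(e) in listed_hashes]

NO_SLASH = "https://github.com/rcmaehl/MSEdgeRedirect/releases"
SLASH = "https://github.com/rcmaehl/MSEdgeRedirect/releases/"
# Constructed list entries (assumptions, not data from Google):
EXACT_PAGE = {full_hash("github.com/rcmaehl/MSEdgeRedirect/releases")}
WHOLE_REPO = {full_hash("github.com/rcmaehl/MSEdgeRedirect/")}

if __name__ == "__main__":
    for name, listed in (("exact page", EXACT_PAGE), ("whole repo", WHOLE_REPO)):
        for url in (NO_SLASH, SLASH):
            print(name, url, matches(url, listed) or "no match")
```

An entry for the exact unslashed page matches only that spelling, because the slashed URL never generates the unslashed expression, while a directory-prefix entry for the repository matches both.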

Has anyone checked the website code, by the way? Microsoft owns GitHub now; I wonder whether they would add something malicious in the background to have the page flagged again and again.

And no telling me they wouldn't do that for sure, when they are not playing nice in the first place with forcing Bing and Edge.

AgainPsychoX avatar Sep 03 '22 17:09 AgainPsychoX

They aren't. If they were, it would be on all release pages due to how the site is set up, not one individual one. Besides, Microsoft doesn't have that much ill will towards stuff like this outside of frustrating its efforts. Think about it: if they truly cared that much, they could just blacklist the executable from running in Windows; they don't have to try to sow malice.

> I just now realized... Isn't that Microsoft being just rude and spam-reporting the software?
>
> No clue honestly. It definitely FEELS that way as only a specific URL is blacklisted despite being accessible multiple ways.
>
> rcmaehl/MSEdgeRedirect/releases is blocked
>
> rcmaehl/MSEdgeRedirect/releases is not
>
> Despite being the EXACT SAME PAGE.
>
> But I'll hold onto Hanlon's razor for now.

Neither of these trigger the warning for me, but I'm not sure if that's a setting I have changed somewhere and forgot or if the warning is only triggering for certain people.

Masamune3210 avatar Sep 03 '22 20:09 Masamune3210

> Neither of these trigger the warning for me, but I'm not sure if that's a setting I have changed somewhere and forgot or if the warning is only triggering for certain people.

It's triggering for me also. So, these reasons might not be triggering the warning on your device -

~~1) You might be using mobile phone. On mobile phone it does not trigger the warning.~~
2) You might have changed a setting.
3) You might not be updated to the latest version.

ElitePheonix009 avatar Sep 04 '22 09:09 ElitePheonix009

New EXE is blocked by chrome, no way to override?

demortes avatar Sep 07 '22 01:09 demortes

> New EXE is blocked by chrome, no way to override?

Are you clicking "view all downloads"?

rcmaehl avatar Sep 07 '22 02:09 rcmaehl

Reported false positive from my mobile. Will be reporting a false positive from my computer also.

ElitePheonix009 avatar Sep 08 '22 11:09 ElitePheonix009

Seems unblocked now, YMMV

farcepest avatar Sep 11 '22 20:09 farcepest


WHOO!

rcmaehl avatar Sep 11 '22 20:09 rcmaehl

Can confirm that it is no longer triggering a warning. Whoo!

ElitePheonix009 avatar Sep 12 '22 10:09 ElitePheonix009