DiskCryptor icon indicating copy to clipboard operation
DiskCryptor copied to clipboard
verified publisher icon DavidXanatos

Virustotal results

Open papiru5 opened this issue 2 years ago • 4 comments

At VT new version has 32/72 score with most common AV brands like MS, Symantec, Kaspersky, McAfee and so on, so installation is about question. Do you plan to sign executable and fit AV tests? изображение

papiru5 avatar Oct 25 '23 20:10 papiru5

Nope, just complain with the AV vendor of your choice to clear the false positive.

DavidXanatos avatar Oct 25 '23 20:10 DavidXanatos

It's probably because DCryptor is used in a several ransomware campaigns nowadays.

Therefore the ability to install it "silently" may not be a good thing.

AlxVD avatar Oct 25 '23 23:10 AlxVD

It's probably because DCryptor is used in a several ransomware campaigns nowadays.

Therefore the ability to install it "silently" may not be a good thing.

You think removing silent install from the installer would help? I can try that.

About the ransomware campaigns this is why with build 1.3.0 we added "safe system volume encryption (botoloader is tested before anythign gets encrypted)" it only protects the system volume but most users only have one volume anyways.

DavidXanatos avatar Oct 26 '23 06:10 DavidXanatos

You think removing silent install from the installer would help? I can try that.

Won't really help, of cause - AFAIR they just copy folder with installed program over the SMB and run dcinst remotely.

P.S. Here is site with description of one such campaign: https://id-ransomware.blogspot.com/2023/04/dchelp-ransomware.html

AlxVD avatar Oct 26 '23 08:10 AlxVD

We have digitally signed the installer so that should take care of most of the false positives: https://github.com/DavidXanatos/DiskCryptor/releases/tag/v1.3.0b

DavidXanatos avatar Feb 23 '24 14:02 DavidXanatos