
Falsely marked as malware

Open MarcGuiselin opened this issue 2 years ago • 7 comments

The installer for wedge is marked as malware by the following vendors:

  1. Windows smart defender sometimes marks the installer as the malware below and quarantines the installer executable as soon as it is downloaded
  2. Google prevents downloading the file completely, marking it as dangerous

MarcGuiselin avatar Nov 21 '22 17:11 MarcGuiselin

Have you tried compiling with a different version of RustC?

rcmaehl avatar Nov 21 '22 20:11 rcmaehl

> Have you tried compiling with a different version of RustC?

No. But that's some really good advice. I remember having to try several different toolchain versions to get the alpha version of wedge down to one false positive.

Tried a few different toolchains, and so far 1.59.0 gets the fewest false positives:

Machine-learning based malware detection is a joke.

I've updated the release, and Microsoft Defender is not quarantining the file anymore. Unfortunately, Google Chrome still prevents downloading the file, even though in VirusTotal Google is absolutely fine with it.

MarcGuiselin avatar Nov 22 '22 15:11 MarcGuiselin

> Machine-learning based malware detection is a joke.

Tell me about it. I'm honestly going to shell out $400 for an EV Code Signing Certificate come tax season because I'm just plain tired of dealing with them.

rcmaehl avatar Nov 23 '22 02:11 rcmaehl

> Tell me about it. I'm honestly going to shell out $400 for an EV Code Signing Certificate come tax season because I'm just plain tired of dealing with them.

You've had more of these kinds of issues than any open source software I've seen, so I don't blame you at all haha. I'd already given up in the past. The odds are definitely stacked up against these kinds of projects, but it's a noble and very necessary fight. Thanks for holding up the torch.

MarcGuiselin avatar Nov 23 '22 13:11 MarcGuiselin

On my end, I've found that if I roll back far enough I can avoid issues with Google Safe Browsing as well. Using a nearly 4-year-old toolchain and very outdated dependencies is far from ideal, but it'll work for the time being.

In the meantime, I've reported false positives for the flagged binaries. I've also made several reports to Google Safe Browsing here and here for repository, release pages and download links (objects.githubusercontent.com/...) marked as malware.

MarcGuiselin avatar Nov 23 '22 14:11 MarcGuiselin

I'm new to all of this, so I apologize if this is not the right place to ask, but how would I determine which path the installer is referring to when it gives the error message "Error on step 4/5 The system cannot find the path specified. (os error 3)"?

MatthieuAdler avatar Feb 22 '23 14:02 MatthieuAdler

> I'm new to all of this, so I apologize if this is not the right place to ask, but how would I determine which path the installer is referring to when it gives the error message "Error on step 4/5 The system cannot find the path specified. (os error 3)"?

That'd be a new issue, unrelated to this one. I created a new issue thread here: #3

MarcGuiselin avatar Feb 22 '23 17:02 MarcGuiselin