AV False Positives (Malware, Riskware, Adware, Virus, Trojan and other BS)

Open neoOpus opened this issue 2 years ago • 66 comments

After reinstalling Windows and configuring Bluetooth, MS Defender removed it after identifying it as malware (I didn't have time to add it to a whitelist)

Please figure out why it's happening and get it signed now. Even if it's free, some people might not like using it because it might scare them or be taken off their computers.

neoOpus avatar Aug 11 '23 15:08 neoOpus

I am unable to download it unless, of course, I disable MS Defender.

neoOpus avatar Aug 11 '23 15:08 neoOpus

I can't afford a signing certificate so it's not going to happen. You are free to validate it's not dangerous as source code and build pipelines are completely open and transparent.

aloneguid avatar Aug 11 '23 22:08 aloneguid

> I can't afford a signing certificate so it's not going to happen. You are free to validate it's not dangerous as source code and build pipelines are completely open and transparent.

What is the cost of a signing certificate?

corvus2606 avatar Aug 24 '23 13:08 corvus2606

It's about $1.5k for 3 years. Could be less if you shop around. But that won't solve false AV issues, you can still be banned and certificate revoked for no reason. I think realistically one needs a legal team to deal with AV false claims which I apparently don't have. I'd recommend having a read:

  • https://weblog.west-wind.com/posts/2016/Oct/05/Dealing-with-AntiVirus-False-Positives
  • https://www.autohotkey.com/boards/viewtopic.php?t=87322
  • https://steamcommunity.com/app/779590/discussions/0/2572002906839928114/
  • https://help.steampowered.com/en/faqs/view/5F3D-1477-AFF9-C4F3
  • https://www.linkedin.com/pulse/kaspersky-reasons-false-positives-amirabbas-mahdavi
  • https://www.gdatasoftware.com/blog/2022/06/37445-malware-detection-is-hard
  • https://medium.com/@airflow.matt/globalsign-will-revoke-your-codesign-certificate-no-questions-asked-f6ac2bca02c5

And by the way, the last BT version (3.5.0) has only a single AV's claim out of 90, unlike 29 out of 90 for version 3.4.0, so it's totally random trash. I've myself become very pessimistic about the usefulness of AV software in general after dealing with this.

aloneguid avatar Aug 24 '23 13:08 aloneguid

Kaspersky and Sophos both left BT undetected for me, seems it might be a Microsoft specific issue.

paz avatar Sep 10 '23 04:09 paz

it's totally random and changes daily ;)

aloneguid avatar Sep 11 '23 14:09 aloneguid

Windows Defender (Win 11) just flagged bt-3.5.2 as "threats found" for me.

Detected: Program:Win32/Wacapew.C!ml

GavinFarrington avatar Sep 13 '23 18:09 GavinFarrington

Same thing here, BT 3.5.2 was flagged by Microsoft Defender as PUA. It's possible to send files to Microsoft for further analysis: https://www.microsoft.com/en-us/wdsi/filesubmission/ – I urge you to do it if you are affected.

jnv avatar Sep 15 '23 07:09 jnv

> Same thing here, BT 3.5.2 was flagged by Microsoft Defender as PUA. It's possible to send files to Microsoft for further analysis: https://www.microsoft.com/en-us/wdsi/filesubmission/ – I urge you to do it if you are affected.

I have used this before, and just submitting for latest version as "incorrectly identified as malware". Will let you know on progress.

aloneguid avatar Sep 15 '23 08:09 aloneguid

Analysis on above is still pending but some detections have already cleared out.

aloneguid avatar Sep 17 '23 18:09 aloneguid

It keeps getting deleted even when excluded from scans... I have to reinstall it every few days.

neoOpus avatar Sep 18 '23 01:09 neoOpus

There are 2 different .zip files. A pdb version which downloads fine and non-pdb version that doesn't. What's the difference between the 2?

CityguyUSA avatar Sep 18 '23 05:09 CityguyUSA

> There are 2 different .zip files. A pdb version which downloads fine and non-pdb version that doesn't. What's the difference between the 2?

.pdb version is debug symbols to investigate crashes, you don't need that.

aloneguid avatar Sep 18 '23 11:09 aloneguid

> It keeps getting deleted even when excluded from scans... I have to reinstall it every few days.

You can permanently allow the "threat" until MS investigates. There are instructions available here.

aloneguid avatar Sep 18 '23 11:09 aloneguid

Windows Defender should now be fine, just got analysis results from Microsoft.

aloneguid avatar Sep 19 '23 07:09 aloneguid

Also VirusTotal before and after (Microsoft AV is OK now). Hopefully others will follow suit.

aloneguid avatar Sep 19 '23 07:09 aloneguid

> > It keeps getting deleted even when excluded from scans... I have to reinstall it every few days.
>
> You can permanently allow the "threat" until MS investigates. There are instructions available here.

I have been doing that since the start, but it doesn't stick. That's why I notified you that currently it is allowed and working properly, but it crashes when trying to find updates... I am simply informing you of this, but it is alright if you are unable to resolve these.

neoOpus avatar Sep 19 '23 16:09 neoOpus

@neoOpus thanks. Update checks are already fixed and will be out in v3.6. Defender does not block it anymore.

aloneguid avatar Sep 19 '23 16:09 aloneguid

By the way, I reported the false positive to Avast (which also includes AVG), so VT now reports only 11 false positives.

According to their reply, they reclassified BT from malware to PUA, since apparently it doesn't match their "clean software policy" (which, surprisingly, claims signing is preferred but not required):

> Thank you for contacting Avast and reporting a false positive detection. We're happy to help.
>
> Along with the Avast virus specialist, we’ve checked the reported file and changed the threat detection to PUP (potentially unwanted program). The PUP detection is due to lack of compliance with Avast’s clean software policy.
>
> For more information, refer to this article: Avast Threat Labs - Clean guidelines
>
> If you are the owner of the reported file and want to change the detection to clean, feel free to contact us again for a new analysis as soon as the file matches the Avast guidelines.

jnv avatar Sep 20 '23 09:09 jnv

@jnv thanks for that, I also raised a request with ESET, which has reclassified it as clean.

aloneguid avatar Sep 20 '23 10:09 aloneguid

@jnv I raised the Avast issue separately yesterday, and the classification is cleared completely.

aloneguid avatar Sep 20 '23 11:09 aloneguid

Also submitted a dispute to McAfee now.

aloneguid avatar Sep 20 '23 11:09 aloneguid

And just for fun to Malwarebytes.

aloneguid avatar Sep 20 '23 11:09 aloneguid

So far, it worked and I didn't have any issue :)

neoOpus avatar Sep 23 '23 03:09 neoOpus

Unfortunately we're back to 24 false positives for the v3.6.2 installer. Today even Microsoft Defender took down my locally compiled version.

jnv avatar Oct 31 '23 08:10 jnv

Microsoft seems to be happy, but others are not. It will help in long term to vote on VirusTotal community webpage: https://www.virustotal.com/gui/file/7273f03b70a07ab0e1cf96aa4702587ea850b72efbdeef4690bf44bb3edd295b/community

aloneguid avatar Oct 31 '23 09:10 aloneguid

AVG and Avast were a great help in whitelisting 3.6.2, we are -2 now.

aloneguid avatar Nov 02 '23 21:11 aloneguid

Unfortunately we're back to 18/64

cheTesta avatar Nov 06 '23 09:11 cheTesta

14/61 today!

aloneguid avatar Nov 06 '23 09:11 aloneguid

18 on the .zip version

cheTesta avatar Nov 06 '23 09:11 cheTesta