False positives

Open savchenko opened this issue 5 years ago • 9 comments

Situation seems to be spiralling a little out of control...

I have submitted "false-positive" reports to AVG, Avast and Microsoft [1], but this is more of a temporary measure. https://github.com/crazy-max/WindowsSpyBlocker/issues/155 should help, however as usual, "no guarantees implied". I propose the following:

  1. Sign the application
  2. Talk to AV vendors with explicit documentation that WSB is:
    1. Not a malware
    2. Open-Source
    3. Signed by a known certificate

I am willing to take care of "communicating with AV vendors" part if needs be. Thoughts?

[1]: https://www.microsoft.com/en-us/wdsi/submission/863043f5-0814-4047-8213-86325ee360e9

savchenko avatar Oct 06 '19 13:10 savchenko

Hi @asvc,

> I have submitted "false-positive" reports to AVG, Avast and Microsoft

Looks like it's solved for Microsoft now, thanks for your input.

>   1. Sign the application
>   2. Talk to AV vendors with explicit documentation that WSB is:
>     1. Not a malware
>     2. Open-Source
>     3. Signed by a known certificate

This is definitely a good move! I will try to bring people here who have had this kind of issue with AV vendors. If you have more information, it is welcome!

crazy-max avatar Oct 06 '19 20:10 crazy-max

Minus one:

> Re: Avast: False positive file WindowsSpyBlocker.exe [ ref:_00Db0Z3Sf._5000N1y33qn:ref ]
> Our virus specialists have been working on this problem and the provided file has been whitelisted.

savchenko avatar Oct 07 '19 08:10 savchenko

Everything looks fine now :)

crazy-max avatar Oct 07 '19 09:10 crazy-max

More false positives for 4.26.0? https://www.virustotal.com/gui/file/e090a29a356ed235c872f2a2ec63d0216c23ce5b0fc38ff00aa8641e3fa3fb62/detection

zeldaboch avatar Jan 02 '20 13:01 zeldaboch

@crazy-max I know these are false detections (and were confirmed so by antivirus vendors), but on Chocolatey there are false ones two times in a row (for 4.27.0 and 4.27.1). Do you mind letting me know if you have a clue to prevent false detections? Thanks!

luixxiul avatar Jan 25 '20 07:01 luixxiul

4.28.1 also got a false positive now, by Windows Defender.

0lm avatar Apr 23 '20 01:04 0lm

Continuing for 4.34.0: Trojan:Win32/Wacatac.D1!ml

hl2guide avatar Nov 12 '20 16:11 hl2guide

Continues for 4.34.2: Flagged by SmartScreen on new Edge. I reported it as a false positive.

Carterpersall avatar Jan 27 '21 17:01 Carterpersall

@crazy-max Why don't you remove what is causing these false positives? Surely you have an idea what is causing these heuristic detections. Do you compress the exe too much, resulting in high entropy?

BigBroza avatar Aug 04 '22 03:08 BigBroza
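
The high-entropy question raised in the last comment can be checked on a release artifact before it is published. The following is an added example, not code from this thread or from the WindowsSpyBlocker project: it profiles Shannon entropy per window and compares a plain buffer with its compressed form. The 4 KiB window, the 7.2 bits/byte threshold and both sample buffers are assumptions constructed for illustration.

```python
import math
import random
import zlib
from collections import Counter

WINDOW = 4096        # assumed window size, bytes
HIGH_ENTROPY = 7.2   # assumed threshold, bits per byte (maximum is 8.0)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def entropy_profile(data: bytes, window: int = WINDOW) -> dict:
    """Overall entropy plus the share of full windows above the threshold."""
    chunks = [data[i:i + window] for i in range(0, len(data), window)]
    # A short trailing chunk is biased towards low entropy, so skip it when possible.
    full = [c for c in chunks if len(c) == window] or chunks
    high = sum(1 for c in full if shannon_entropy(c) >= HIGH_ENTROPY)
    return {
        "overall": round(shannon_entropy(data), 3),
        "windows": len(full),
        "high_ratio": round(high / len(full), 3) if full else 0.0,
    }


def build_samples() -> tuple:
    """Constructed stand-ins for an uncompressed and a compressed binary."""
    vocab = ["mov", "call", "ret", "push", "hosts", "rules", "firewall",
             "telemetry", "block", "update", "ncsi", "dns", "proxy", "spy",
             "extra", "list"]
    rng = random.Random(0)  # fixed seed keeps the sample reproducible
    plain = " ".join(rng.choices(vocab, k=200_000)).encode()
    packed = zlib.compress(plain, 9)  # stands in for executable compression
    return plain, packed


if __name__ == "__main__":
    for name, blob in zip(("plain", "packed"), build_samples()):
        print(name, len(blob), entropy_profile(blob))
```

To profile a real build, pass the file's bytes to `entropy_profile` and compare the result before and after any compression step in the release pipeline.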