NeSync installer on Windows detected as malware

Open fxdeniz opened this issue 1 year ago • 3 comments

NeSync uses NSIS as an installer on Windows. And antiviruses Bkav Pro and SecureAge flag exe files based on NSIS as a virus.

Detection names:

  • Bkav Pro: W32.AIDetectMalware
  • SecureAge: Malicious
  • Gridinsoft: Ransom.Win32.Wacatac.oa!s1

VirusTotal result for version 1.8.1 installer

VirusTotal result for version 1.8.0 installer

VirusTotal result for version 1.7.0 installer

From the detection names, we can conclude that the detections are machine learning based. Both Bkav Pro and SecureAge APEX are advertised for their AI capabilities. However, this is a false positive.

Update: Starting from September 6, Gridinsoft also marks installers for versions 1.8.x as malware.

To solve this issue, I'll communicate with two vendors.

  • [ ] Get in touch with Bkav Corporation
  • [x] Get in touch with SecureAge Technology Pte Ltd
  • [ ] Get in touch with Gridinsoft LLC

fxdeniz, Sep 06 '23 14:09

I reached out to SecureAge (4th of September) via their false positive reporting page.

And within the same day, I received this reply, which says they will remove the false positive detections.

result-apex

fxdeniz, Sep 06 '23 14:09

Also, I sent an e-mail to [email protected] and [email protected] on September 4,

but still no response.

fxdeniz, Sep 06 '23 14:09

Today, I released version 1.8.1.

I reached out to all of the vendors. Again, clearing false positives for the new installer.

fxdeniz, Sep 07 '23 15:09