NeSync
NeSync copied to clipboard
NeSync installer on windows detected as malware
NeSync uses NSIS as a installer on Windows. And, antiviruses Bkav Pro and SecureAge flag exe files based on NSIS as a virus.
Detection names:
Bkav Pro: W32.AIDetectMalware
SecureAge: Malicious
Gridinsoft: Ransom.Win32.Wacatac.oa!s1
VirusTotal result for version 1.8.1 installer
VirusTotal result for version 1.8.0 installer
VirusTotal result for version 1.7.0 installer
From detection names, we can conclude that, detections are machine learning based. Both, Bkav Pro and SecureAge APEX are advertised for their AI capabilities. However, this is a false positive.
Update: Starting from september 6, Gridinsoft also marks installers for versions 1.8.x marks as malware.
To solve this issue, I'll communicate with two vendors.
- [ ] Get in touch with Bkav Corporation
- [x] Get in touch with Secureage Technology Pte Ltd
- [ ] Get in touch with Gridinsoft LLC
I reached to SecureAge (4th of September) via their false positive reporting page
And within same day, I received this reply which says they will remove false positive detections.
Today, I released the version 1.8.1
I reached to all of the vendors. Again, clearing false positives for new installer.