
TrustedInstaller

Open xmrv opened this issue 2 years ago • 4 comments

I know this has been discussed before but I'd like to come up with a couple examples as to why TI is a good addition and AV detection should not be a consideration.

  • Users of such tools know how to deal with AVs and often uninstall them completely.
  • Similar project nsudo (LC) offers TI without VirusTotal detection (longer syntax though).
  • Some Windows registry keys related to customization need TI to change them (HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Settings\Network).

I am by no means a seasoned dev, just thought this would be a god tier tool if TI was an option.

xmrv avatar Apr 22 '22 15:04 xmrv

Thanks for your input. I understand that running as TI is useful for some audience.

If gsudo is flagged as a virus by Microsoft Defender, or any top 5 AV vendor, it means game over for the project. Not only for the less techy audience who can't configure an AV. Who would run elevated a downloaded program flagged as a virus? Certainly not me.

The functionality can be added and, whenever it is ready, it will have to launch as a pre-release for a while. Let's test how AV vendors respond.

gerardog avatar Apr 24 '22 17:04 gerardog

How does a "gsudo --ti" argument sound? ~~Check out https://ci.appveyor.com/project/gerardog/gsudo/builds/43343399/artifacts~~

~~Replace your gsudo.exe folder contents with those artifacts.~~ ~~Let me know if you tested it and any issue.~~ Edit: not happy with the implementation.

gerardog avatar Apr 26 '22 03:04 gerardog

Sounds good and it worked, thank you. Should I send false positive reports to AVs now or wait for a signed build or both?

xmrv avatar Apr 26 '22 10:04 xmrv

Do not submit to AV vendors yet. Let me review the code and I will release a signed build. I had trouble getting a TI token from the TrustedInstaller service, so I used the SCHTASK method, but I still want to give it another try.

gerardog avatar Apr 26 '22 12:04 gerardog

Updated build artifacts:
https://github.com/gerardog/gsudo/actions/runs/2989503528 (scroll down)

gerardog avatar Sep 04 '22 21:09 gerardog

First and most importantly, thank you.

The executables do not have a signature when checked with sigcheck. So am I correct to assume I should still wait for the signed build for submission?

xmrv avatar Sep 05 '22 14:09 xmrv

The wait is almost over! I renewed the certificate this week. Later today or tomorrow.

gerardog avatar Sep 05 '22 14:09 gerardog

The new certificate needs to build up some reputation in order to avoid being flagged as a potentially unwanted app.


I've submitted v1.4.1 to Microsoft Defender...


But the warning still shows up.

gerardog avatar Sep 06 '22 14:09 gerardog

Using the guides here and here I've submitted gsudo.exe to nearly 70 vendors in addition to a manual submission via Defender.

https://i.imgur.com/O7IdqNL.png

https://i.imgur.com/EvixEaX.png

https://i.imgur.com/avhaNxE.png

xmrv avatar Sep 06 '22 18:09 xmrv

This feature has shipped in the v1.5.0 release. It will be marked as a pre-release for at least a few days until SmartScreen gathers enough "reputation". Please do not submit to AV vendors, unless it is flagged as a virus.

gerardog avatar Sep 06 '22 20:09 gerardog