Bitdefender reports threat when trying to install

Open UbikNoir opened this issue 11 months ago • 10 comments

Just tried to install the update and Bitdefender was not happy about it... see screenshot.

Please help. Cheers, Ubik

Image

UbikNoir avatar Feb 05 '25 21:02 UbikNoir

Alarming as it sounds, it's a false-positive..

https://stackoverflow.com/questions/75886428/fake-positive-bit-defender-problem-genvariant-tedy-304469

https://community.bitdefender.com/en/discussion/99932/what-exactly-is-gen-variant-tedy-540066

joncage avatar Feb 05 '25 21:02 joncage

I'll push it to Microsoft's false-positive reporting system and hopefully Bitdefender will calm down.

joncage avatar Feb 05 '25 21:02 joncage

When I download with Windows Defender it gives me a warning too:

Image

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AWin32%2FWacatac.B!ml&threatid=2147735505

Had a bit more of a dig into this, but I'm struggling to see where is-AB492.tmp came from. When I install it from the 1.9 release I just get these files:

Image

joncage avatar Feb 07 '25 22:02 joncage

I've submitted it to Microsoft for review: https://www.microsoft.com/en-us/wdsi/submission/fcd9d110-caa3-4fce-b3c6-0afffcfd2d2f

Will see what Microsoft say:

Image

I'll see if there's anything else I can do to avoid these rather alarming warnings in the meantime.

joncage avatar Feb 07 '25 22:02 joncage

I'm not alone FWIW.. https://stackoverflow.com/questions/52360025/how-to-stop-antivirus-false-positives-everytime-we-re-release-software

Tried uploading it to Virustotal.com and 16/70 AV programs appear to flag it: https://www.virustotal.com/gui/file/6db9be591a04303f764645d7af82a365b9e49b01d3141b5cbdc4aa97ec2928ec

I wonder if part of the problem is the fact the installer tries to download the font and that's seen as similar to malicious software.

I'll try a few adjustments (including avoiding that part).

joncage avatar Feb 07 '25 22:02 joncage

Tried reporting it to Bitdefender here: https://www.bitdefender.co.uk/consumer/support/answer/88563/ ..but the page doesn't tell you whether the submission went through so they've either got about 5 attempts from me or they all failed.

joncage avatar Feb 07 '25 22:02 joncage

Interestingly, dropping the font download from the installer and adding some more info seems to have dropped it off the radar as a false-positive on most antivirus programs: https://www.virustotal.com/gui/file/f3027988668e56103236db229f885fe17c8d11e0565b91ce4ae07be311ac8df7

joncage avatar Feb 07 '25 23:02 joncage

Try 1.9.1; Virustotal.com doesn't seem to flag it: https://github.com/joncage/ed-scout/releases/tag/v1.9.1

joncage avatar Feb 08 '25 00:02 joncage

More than one VS reports the tool as infected, even after re-analysis.

Image

https://www.virustotal.com/gui/file/e4f75f76e44eb29363c1d5821d91c24f6e3396eec5ad8d667eefac20fa8695e5

The worst is “EDScout.exe” with 12 hits. And also the VS with the latest and most up-to-date virus databases.

Image

https://www.virustotal.com/gui/file/811d87e6c0a79622aae82d630aac1ba3798affeeb5c64fe156864aa3d3bac791

I could understand 1 or max. 2 hits, but not 7 or 12 or even more.

So it would be nice if you could create a new and clean build of these files.

MSIDoc avatar Mar 17 '25 18:03 MSIDoc