RightClickFolderIconTools icon indicating copy to clipboard operation
RightClickFolderIconTools copied to clipboard
verified publisher icon ramdany7

Chrome reporting "Virus Detected" when downloading release 0.1

Open DMacMakes opened this issue 2 years ago • 4 comments

I'm using Chrome 120.0.6099.71 (Official Build) (64-bit) on Windows 10, and I'm logged in to Github. I don't have any antivirus software installed beyond the built-in/Microsoft-issued Windows Defender. I visited the repo for RightClickFolderIconTools, clicked the latest release in the right nav ( RCFI Tools v0.1 ) in the right nav, clicked rcfi.tools.v.01.zip. It downloads, but the file never appears, and it warns me instead tha a virus was detected, next to a red download icon with a slash through it. See the attached image for the error, shown when I click the download icon on the right of the address bar (near the three-dot/kebab menu).

error_virus_detected_rcfi-tools-v0-1-zip

DMacMakes avatar Dec 15 '23 02:12 DMacMakes

More info: I found the "Remediation" in "Windows Security -> Virus and threat protection", and it's taken exception to the RCFI Tools.bat file, having detected "Trojan:Win32/Vigorf.A". See the attached image for the full error.

image

DMacMakes avatar Dec 15 '23 02:12 DMacMakes

Oh, yeah, I've never noticed it. Yes, it looks like some antivirus programs, including Windows Defender, might flag the "RCFI Tools.bat" as a malicious program. It never happened to me before, but when I do the same thing as you do by downloading it from the GitHub repo using Chrome, it gets detected. I think probably it's because I own the files, and they originated from my PC, so Windows never scanned it, or it's automatically trusted because I tried to scan it manually, and it still was not detected.

However, in regards to this case, I don't know what to do. I think the batch file will always be suspected as 'malicious,' especially when it has a thousand lines with some suspicious activities like:

  • The shortcut function to search for the folder icon on the web/browser
  • The function to call and interact with other programs to convert and edit the images
  • The function to edit the registry to add the "Folder Icon Tools" to the Explorer context menu
  • The function to read, write, copy, and delete the config files and temporary files
  • The function to edit file attributes
  • Etc.

Those might look too suspicious to antivirus for a batch script/batch file to do all of that. So the only solution is probably to make an exception manually through the program/antivirus that blocked it from running to allow it.

ramdany7 avatar Dec 15 '23 07:12 ramdany7

Thanks for the response 🙏 Maybe it's something to add to the README down the line. Head off more questions/issues.

DMacMakes avatar Dec 15 '23 07:12 DMacMakes

yes, i will add it to the README. thank you for reporting the issue and thank you for the ⭐star. really appreciate it. 👍

ramdany7 avatar Dec 15 '23 08:12 ramdany7