
Windows Defender threat detected for release v0.7.0

Open jasonvasquez opened this issue 4 years ago • 7 comments

Hello!

I was hoping to give grout a spin this evening, but I wanted to give you a heads-up that Windows Defender flagged the grout.exe executable for release v0.7.0 as containing a trojan, Win32/Ulthar.A!ml. I don't know if it's a false-positive or not but did want to let you know. Here's a link to the specific threat that was identified: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aWin32%2fUlthar.A!ml&threatid=2147751837.

Thanks!

jasonvasquez avatar May 31 '20 04:05 jasonvasquez

Hey, thanks for the report! Does it warn you before you try to run or after running it? I haven't seen this on my machine. Also, does this happen on any other versions as well?

Probably a good idea for me to release with an md5 hash... Just in case!

tarkah avatar May 31 '20 22:05 tarkah

It gave the warning right after I downloaded it from the GitHub releases page and ran it for the first time. I didn't attempt to run it past that. I can try some other versions later, that's a good idea.

jasonvasquez avatar Jun 01 '20 00:06 jasonvasquez

This is what I see when I download the release from GitHub and run for the first time... Definitely no error about it being a Trojan.


Can you calculate the md5 hash of the v0.7.0 release you downloaded and paste the results? If you get the same hash, you are safe to run the program. Though I'll then need to figure out why it's being flagged...

PS > certutil.exe -hashfile '.\grout.exe' MD5
MD5 hash of .\grout.exe:
ff8f678d668c2a0e14959fd67071c313
CertUtil: -hashfile command completed successfully.

tarkah avatar Jun 01 '20 17:06 tarkah

I think this article might be relevant: https://getimageview.net/2020/06/02/microsoft-defender-smartscreen-is-hurting-independent-developers/

frabert avatar Jun 06 '20 10:06 frabert

@frabert, thanks for posting. I'm ok with the SmartScreen pop-up, it just is what it is. And I'm not looking to get a digital signature for this.

However, @jasonvasquez's issue appears to be different as he is being warned about a Trojan virus, which I can't seem to figure out?

tarkah avatar Jun 06 '20 14:06 tarkah

In that case, I think submitting the file as a false positive should be the right course of action: https://www.microsoft.com/en-us/wdsi/filesubmission

frabert avatar Jun 06 '20 15:06 frabert

Awesome, thanks for the link!

tarkah avatar Jun 06 '20 15:06 tarkah
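
An added example, not code from this thread or from the grout project: a PowerShell script that performs the hash comparison requested earlier in the thread and collects the details worth attaching to the false-positive submission frabert suggests. The default hash is the MD5 tarkah posted for v0.7.0; the parameter names and the report layout are assumptions.

```powershell
# Added example; parameter names and output fields are illustrative.
param(
    [string]$Path = '.\grout.exe',
    # MD5 the maintainer posted in this thread for the v0.7.0 grout.exe
    [string]$ExpectedMd5 = 'ff8f678d668c2a0e14959fd67071c313'
)

$file = Get-Item -LiteralPath $Path -ErrorAction Stop

# MD5 for comparison with the posted value; SHA256 to quote in a submission.
$md5    = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash
$sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

# Get-FileHash prints upper-case hex and certutil lower-case, so ignore case.
$hashOk = [string]::Equals($md5, $ExpectedMd5.Trim(),
                           [StringComparison]::OrdinalIgnoreCase)

# Mark-of-the-Web: the Zone.Identifier stream a browser adds to downloads.
# SmartScreen checks files carrying this mark.
$motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
            -ErrorAction SilentlyContinue
$zone = $motw | Where-Object { $_ -like 'ZoneId=*' }

# Authenticode status; 'NotSigned' is expected for an unsigned release.
$sig = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status

# Defender detections recorded against this path, with the threat name.
$detections = @()
if (Get-Command Get-MpThreatDetection -ErrorAction SilentlyContinue) {
    $pattern = [regex]::Escape($file.FullName)
    $detections = @(Get-MpThreatDetection -ErrorAction SilentlyContinue |
        Where-Object { $_.Resources -match $pattern } |
        ForEach-Object {
            $t = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
            '{0} at {1:u}' -f $t.ThreatName, $_.InitialDetectionTime
        })
}

[pscustomobject]@{
    File       = $file.FullName
    MD5        = $md5.ToLower()
    MD5Matches = $hashOk
    SHA256     = $sha256.ToLower()
    Signature  = $sig
    ZoneId     = $zone
    Detections = $detections -join '; '
} | Format-List
```

A matching MD5 shows the download is the same file the maintainer hashed; it says nothing about why Defender flagged it. MD5 is not collision-resistant, so the SHA-256 is the value to quote when submitting the file.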