
Windows versions since 1.13 are falsely flagged as a virus

Open h3rb opened this issue 1 year ago • 8 comments

Screenshot_26

h3rb avatar Jan 12 '24 21:01 h3rb

Sadly we don't know why - all we can do is mention it on the release page. We got the program cleared on Windows Defender; maybe we could submit to Google too.

tmewett avatar Jan 13 '24 20:01 tmewett

Pulled the redirected URL https://objects.githubusercontent.com/github-production-release-asset-2e65be/205895782/1a8e3ee4-2218-427d-b235-deaa61abf9c4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240716%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240716T215932Z&X-Amz-Expires=300&X-Amz-Signature=79248cb4e4bb719e6313ccfb1d063b71eba938f008ac8e194afbce0eeb585329&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=205895782&response-content-disposition=attachment%3B%20filename%3DBrogueCE-1.13-windows-x86_64.zip&response-content-type=application%2Foctet-stream from the release download for Windows and ran it through an online malicious file scanner: https://www.virustotal.com/gui/url/c3913d84dc09e073544cd86726bc620756f30f28502298c0f312961a62c1ec08?nocache=1.

The file is being flagged by both Antiy-AVL and URLQuery, one as malicious and the other as suspicious. As for why, it does not give the details.


nmistry avatar Jul 16 '24 22:07 nmistry

Carbon Black Cloud also blocks the exe. "Barys is suspected malware and was blocked"

paulevans avatar Jul 28 '24 16:07 paulevans