ExplorerPatcher
Several files marked as malicious from my antivirus
After finishing installing EP, my antivirus claims that these files are behaving very similar to a trojan and recommends that I quarantine them ASAP. These files are:
- C:\WINDOWS\dxgi.dll
- C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\dxgi.dll
- C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib.DLL
- C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\dxgi.dll

Should I do that? Are these files essential for EP to work?
Yes. Those files are essential. Microsoft doesn't seem to like EP anymore, so they have marked this as a virus. Compiling EP yourself seems to be the only option now to be safe in the long run.
Not long after a recent Windows (and ExplorerPatcher) update, ep_setup.exe was quarantined by Windows Security.
Detected: HackTool:Win64/ExplorerPatcher!MTB
Status: Quarantined
Date: 5/3/2024
Details: This program has potentially unwanted behavior.
Affected items:
file: C:\Program Files\ExplorerPatcher\ep_setup.exe
regkey: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}_ExplorerPatcher
uninstall: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}_ExplorerPatcher
ExplorerPatcher is still working. Please LMK if there's any information I can provide or anything I can do to help.
I'd post the About text from ExplorerPatcher, but sadly, it's not selectable so I can't copy it.
You can also set Windows Defender to exclude the following:
- C:\Program Files\ExplorerPatcher
- %APPDATA%\ExplorerPatcher
Future updates to EP won't be flagged then.
You can also set Windows Defender to exclude the directory that you manually download EP to, so you can install it without Windows Defender blocking it.
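
The exclusion advice above, in PowerShell, as an added example that is not from the ExplorerPatcher project or from any poster in this thread: it records the hash and signature state of the files named in the thread before anything is trusted, then adds only the two directories mentioned. It assumes an elevated prompt and the built-in Defender cmdlets; the variable names are illustrative.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# File paths are the ones quoted in this thread.
$flagged = @(
    'C:\Windows\dxgi.dll',
    'C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\dxgi.dll',
    'C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib.dll',
    'C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\dxgi.dll',
    'C:\Program Files\ExplorerPatcher\ep_setup.exe'
)

# 1. Record what is on disk (hash, signature state, timestamp) so it can be
#    compared later with a build you produced or downloaded yourself.
$report = foreach ($path in $flagged) {
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Path      = $path
            SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            Signature = $sig.Status                      # e.g. Valid, NotSigned
            Signer    = $sig.SignerCertificate.Subject   # $null when unsigned
            Modified  = (Get-Item -LiteralPath $path).LastWriteTime
        }
    } else {
        # A quarantined or never-installed file shows up here.
        [pscustomobject]@{ Path = $path; SHA256 = $null; Signature = 'Missing'
                           Signer = $null; Modified = $null }
    }
}
$report | Format-List

# 2. Add only the two directories named in the thread, skipping any that
#    are already excluded.
$wanted  = @('C:\Program Files\ExplorerPatcher',
             (Join-Path $env:APPDATA 'ExplorerPatcher'))
$current = @((Get-MpPreference).ExclusionPath)
foreach ($dir in $wanted) {
    if ($current -contains $dir) {
        "Already excluded: $dir"
    } else {
        Add-MpPreference -ExclusionPath $dir
        "Added exclusion:  $dir"
    }
}

# 3. Show the resulting exclusion list. Directory exclusions do not cover
#    files outside those directories, such as the DLLs under C:\Windows.
(Get-MpPreference).ExclusionPath
```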
Soon, I got this message from Windows:
Do I have to worry?
No. Just allow it and continue as you were.
Just FYI, while I was seeing this earlier, I no longer am. The computer I saw it on is work-managed so they might have made changes. I haven't seen it on either of my personally-managed computers.