dabeave92, on Apr 06 2017 - 01:18, said:
I watched your videos and was intrigued by the product (and miss OMC!) so I downloaded the file. Upon completion of the download, my AV software alerted me to malware being detected in the download (which I downloaded from the GitHub link in your original post above). It detected Trojan: Win32/Spursint.F!cl. As an IT professional, I can't in good conscience install it at this time...
** Update **
Another member of my clan also attempted to download it today. He uses a different AV software package than I do and his reported the same error. I'm not sure if this is because the .exe file was hacked on the source or if it's just a part of the code as built. Hoping Willster419 can check it out...
Having done work at an IT company before, and having had run-ins with viruses in the past, I can 100% understand your concern. I have been contacted by other people as well that their antivirus applications have given false positives for the application (Avast and Norton). That is why I have provided the VirusTotal scan. I assume you are using Windows Defender, and your clanmate is using one of the two I listed? I have Windows Defender on my laptop and Kaspersky on my PC, and neither picked up any virus problems. My guess for why it does not trigger my Windows Defender is because it knows that Visual Studio is installed, and has been configured for it.
After looking at the analysis of what the Win32/Spursint is, I am not surprised that this application has triggered antivirus applications. This is because:
1. The application is new and is not in any antiviruses database.
2. The application downloads zip files from the internet.
3. The application downloads and runs a separate exe file for installing damage log fonts.
4. The application uses a batch script for updating itself.
5. The application extracts and uses external application dll libraries for json config file patching and zip file handling.
Looking at the detection cases for that above trojan type:
"This threat can do one or all of the following:
- Download and install..."
My application downloads and installs mods for WoT, so I can see the relation, and reason for false positive.
It is not just this application that gets false positives though. For example, a downloader I use, called "Free Download Manager", has sometimes been flagged by Security Essentials, but the application is harmless.
I also host my code on github so you can see exactly what the code does. I can't be much more transparent than that.
I really hope this explanation has helped you ease your mind about it. The best thing I can tell you is to whitelist it, and report to the antivirus software (as well as its publisher) you use that it is not a virus. Hopefully eventually they will investigate my application and add it in their databases as safe. Also if you are still concerned, you could open it in a VM and monitor what it does.
If you have any other questions about it, just ask.
Edited by Willster419, Apr 07 2017 - 03:33.
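As an added example (not code from either poster or from the installer project), here is the check a cautious downloader can run before whitelisting: hash the file locally, look up the existing VirusTotal report for that hash with the v3 API (nothing is uploaded), and reduce it to how many engines flag it and under which names. The API key, the endpoint usage and the sample report below are assumptions constructed for the example.

```python
import hashlib
import json
import os
import sys
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"


def sha256_of_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory blob (used by the file hasher and the test)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Hash the downloaded installer in chunks so the lookup is by content, not by name."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_report(sha256: str, api_key: str) -> dict:
    """Fetch an existing VirusTotal report by hash. Requires a VT API key in the
    x-apikey header; an unknown hash yields HTTP 404 rather than a report."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize_report(report: dict) -> dict:
    """Reduce a v3 file report to the facts that matter for a false-positive decision:
    how many engines scanned it, how many flagged it, and the detection names used."""
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})
    flagged = {eng: r.get("result") for eng, r in results.items()
               if r.get("category") in ("malicious", "suspicious")}
    scanned = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    return {"scanned": scanned, "flagged": len(flagged), "names": flagged}


if __name__ == "__main__":
    # Usage: VT_API_KEY=<key> python vt_check.py <downloaded_installer.exe>
    digest = sha256_of_file(sys.argv[1])
    summary = summarize_report(fetch_report(digest, os.environ["VT_API_KEY"]))
    print(digest, summary["flagged"], "of", summary["scanned"], "engines flag it:", summary["names"])
```

A single cloud/heuristic name from one vendor against a clean result from the rest is the pattern the reply above describes; a hash that no engine has seen yet is a reason to wait or to run the file in a VM, not a clean bill.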