Open andrejohansson opened 7 years ago
Hm.
If you feel you can trust me, then just whitelist it for now.
If you prefer, you can grab a copy of Visual Studio (Community) and compile it yourself. The source code is available in this repository and rather short/simple if you would like to check it for yourself. Just open the sln file and build all.
I will look into reporting this to Panda; it would be helpful if you could provide more info:
I'll see what I can give you later; this is our company's antivirus, so I do not have rights to either whitelist or get the specifics. I doubt it helps if I build it myself; I guess that things that hook into Windows components can easily be considered viruses.
Hm... I don't hook into Windows components anywhere... the DLL is a standard plugin built as a .NET 2.0 class library, and the exe is just a command-line program that calls into a standard Windows API. No funny injection, etc., going on.
Does Panda give you any more info at all other than "it's a virus"?
Have you been using this for a while and is this a recent detection (new definitions) or is this the first time you've tried it?
Does GrowlForWindows work with other (built-in) plugins?
Sorry, this is the only information I get:
Events More details Date/Time Status
------------------------------------------------------------
Virus detected W32/Exploit.gen Location: C:\Users\andrej\AppData\Local\Growl\2.0.0.0\Displays\GrowlToToast\Toaster\GrowlToToast.Toaster.exe 2017-03-16 11:37 Neutralized
Thanks!
This is ... interesting. I would've expected Toaster to be perfectly fine, since it's not much more than a very simple usage of Microsoft libraries. I'll contact Panda and see what they say.
Could you tell me which version of GrowlToToast you're using? v0.1, v0.2a3? I need to figure out which one to pass on to Panda ;)
If you have the Panda engine and definition versions, that might be helpful too.
Looks like it (v0.2a3) passes whichever Panda version they have over at VirusTotal... it's possible they've updated signatures since then; could you try running it again? https://www.virustotal.com/en/file/6080043d3f9a1df562fbad3ff031ff9205f8c0a44a02d7bc6a967a1f70616942/analysis/1489740704/
Sorry, still getting snagged by Panda. But it seems that I can unzip the file and nothing happens until I choose the display in Growl and press "preview". Then Panda reacts and nukes the component.
Unfortunately, no response from Panda yet...
If you could try something:
1. Download test.txt and put it in the `Toaster` directory.
2. Open `cmd`, navigate to the `Toaster` directory. `cd %LocalAppData%\Growl\2.0.0.0\Displays\GrowlToToast\Toaster` should take you there.
3. Run `GrowlToToast.Toaster.exe` by itself. Does Panda complain about it? When run like this, Toaster does nothing at all; just exits.
4. Run the command `type test.txt | GrowlToToast.Toaster.exe`. Does Panda complain about it now? This should attempt to show the preview message.
If you can test that, at least we'll know what triggers Panda:
Unfortunately, all I can really do is pass this info along to Panda's support ... who still haven't replied... maybe I can try shifting some bits around to see if that evades detection but this is really weird.
I just tried another Windows 10 notifier and on that Panda goes bluescreen...so...I guess it's not anything we can do for now.
Ouch. Yea, that does sound pretty broken.
If you want, you can join that Panda forum and help bug them... maybe they'll actually notice at some point? :P
^ If you can figure out which exact step triggers it, we can pass that along too.
If you still feel like trying it a year later, the entire install process and some of the notification process has changed. Maybe it won't trigger Panda anymore.
Unfortunately Panda Endpoint Protection considers this as a virus. :-(