CobaltFusion / DebugViewPP

DebugView++ collects, views, and filters your application logs, and highlights information that is important to you!
Boost Software License 1.0

DebugView++ 1.8.0.16 (not released yet) is deleted by Symantec Download Insight #319

Closed. janwilmans closed 5 years ago

janwilmans commented 6 years ago

https://github.com/CobaltFusion/DebugViewPP/releases/tag/1.8.0.16

janwilmans commented 6 years ago

The latest version of debugview removes the DACL from the OutputDebugString buffer handle using SetSecurityInfo (Win32) to be able to see debug messages from special processes such as Explorer extensions, as per user request. To be able to access the buffer at all, you have to have admin + debug privileges. I guess using SetSecurityInfo from an application running as administrator with debug privileges should not be a security risk?

janwilmans commented 6 years ago

Mitigation: added a DACL_MODIFY macro to disable access to the Get/SetSecurityInfo API. This is really unfortunate, but having no debugview++ at all is worse than missing messages from certain processes.

janwilmans commented 6 years ago

Hm, even when completely removing any mention of the Get/SetSecurityInfo API, including the 'includes' to access it, the 'reputation' is now a problem.

janwilmans commented 5 years ago

Stopped being flagged as a security risk ... closing

LazyRoy commented 5 years ago

The Symantec False Positive report form is here: https://submit.symantec.com/false_positive/ Please try.

janwilmans commented 5 years ago

Already reported it months ago. No response so far.