CobaltFusion / DebugViewPP

DebugView++ collects, views, filters your application logs, and highlights information that is important to you!
Boost Software License 1.0

Debugview++ classified as Trojan Win32/Zpevdo.B by Windows Defender #353

Closed monty241 closed 5 years ago

monty241 commented 5 years ago

Reproduction:

See pictures.

image

janwilmans commented 5 years ago

I have had similar problems myself at my company, where McAfee classified it as a different kind of heuristic threat. I've tried to remove certain API calls to see if that would help, but no luck... I would be happy to fix this, but I have no idea why it's being classified as a trojan. Of course DebugView++ does use debug APIs, but there is really no choice, it's a debugging application :)

janwilmans commented 5 years ago

If you google Zpevdo.B you will see that more people struggle with false positives of this kind...

janwilmans commented 5 years ago

I've submitted this case to Windows Defender.

janwilmans commented 5 years ago

Good news, it's been marked as a false-positive and removed from detection.

image

janwilmans commented 5 years ago

Closing... please re-open if more troubles are encountered.