FrankBijnen / ExifToolGui

A GUI for ExifTool
GNU General Public License v3.0

Getting "Virus detected" when downloading ExifToolGUI installer from Chrome, prevents download #433

Open alelom opened 1 month ago

alelom commented 1 month ago

See:

[image]

This prevents download of the installer.

Chrome Version 125.0.6422.113 (Official Build) (64-bit) Windows 10

Firefox is instead able to download without issues.

FrankBijnen commented 1 month ago

Thanks for the info. Alas I'm able to change Chrome. Maybe you can report it to Chrome?

V632 has been downloaded 1500+ times by now, highly unlikely that it contains a virus.

alelom commented 1 month ago

Hey, no probs.

I think the right place to report is the owner's repo because:

FrankBijnen commented 1 month ago

I agree that posting here is a good idea.

I don't agree that the installer of GUI should be changed. The installer is created with InnoSetup using this source code: https://github.com/FrankBijnen/ExifToolGui/blob/main/Redist/ExifToolGUI_install.iss Lots of installers are created by InnoSetup, and many AVs report false positives. To put it in other words: I wouldn't know what to change. I think it works best if many people report false positives to Google Chrome.

Edit: It is Windows Defender that reports that there's a virus.

FrankBijnen commented 1 month ago

Meanwhile reported to MS. [image]

FrankBijnen commented 1 month ago

@alelom

Could you please try again?

I updated my definitions, and did not get a virus warning when I tried again. Maybe reporting to MS did help?

ColmanPerkins-Stephen commented 1 month ago

VirusTotal is reporting 2 vendors flagging the exe: https://www.virustotal.com/gui/file/197e4197778442e531183a5087a4d4a42eed87cd968eb9ab70f4009f86e11fa2?nocache=1

FrankBijnen commented 1 month ago

@ColmanPerkins-Stephen

Thanks. What can I say? I don't consider it alarming, but that's my opinion.

ColmanPerkins-Stephen commented 1 month ago

> @ColmanPerkins-Stephen
>
> Thanks. What can I say? I don't consider it alarming, but that's my opinion.

Agreed, just adding my 2 cents. I added a community note to the VT hash page also.

PaulCoddington commented 1 month ago

Currently being blocked and quarantined by Windows Defender with MS Edge (Trojan:Win32/Wacatac.H!ml).

Looks spurious, will give it a bit of time for signature updates to come through.

FrankBijnen commented 1 month ago

@PaulCoddington

Same here.

Downloading with Edge results in: Trojan:Win32/Wacatac.H!ml

Downloading with Chrome results in: Trojan:Win32/QQPass

Previously it was: Trojan:Win32/Vigorf.A

MS can't seem to make up their mind!

PaulCoddington commented 2 weeks ago

v6.3.3 installer had no problems until today, but this evening Defender has started flagging my backup copy of the installer (PUA:Win32/Puwaders.C!ml).
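The detection names quoted in the comments above can be split into their parts for triage. This is an added example, not code from the thread or the project: it assumes Microsoft's published `Type:Platform/Family.Variant!Suffix` naming layout, and reading `!ml` as a machine-learning classification is an assumption the thread does not confirm. A family that changes between scans of the same file is a triage hint, not proof of a false positive.

```python
import re

# Assumed layout (Microsoft's malware naming convention):
#   Type:Platform/Family[.Variant][!Suffix...]
NAME_RE = re.compile(
    r"^(?P<type>[A-Za-z]+):(?P<platform>[A-Za-z0-9_]+)/"
    r"(?P<family>[A-Za-z0-9_-]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?"
    r"(?P<suffixes>(?:![A-Za-z0-9]+)*)$"
)

def parse_detection(name):
    """Split one Defender detection name into its components."""
    m = NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"unrecognised detection name: {name!r}")
    parts = m.groupdict()
    # "!ml!x" -> ["ml", "x"]; a name without suffixes -> []
    parts["suffixes"] = [s for s in parts["suffixes"].split("!") if s]
    return parts

def triage(names):
    """Summarise how consistently one file has been labelled."""
    parsed = [parse_detection(n) for n in names]
    families = sorted({p["family"] for p in parsed})
    return {
        "types": sorted({p["type"] for p in parsed}),
        "families": families,
        # Names carrying the '!ml' suffix (assumed: model-based verdict).
        "ml_suffix": [n for n, p in zip(names, parsed) if "ml" in p["suffixes"]],
        # Several unrelated families for one file: attribution is unstable.
        "unstable_family": len(families) > 1,
    }

# Detection names as quoted in this thread.
THREAD_NAMES = [
    "Trojan:Win32/Wacatac.H!ml",
    "Trojan:Win32/QQPass",
    "Trojan:Win32/Vigorf.A",
    "PUA:Win32/Puwaders.C!ml",
]

if __name__ == "__main__":
    for key, value in triage(THREAD_NAMES).items():
        print(f"{key}: {value}")
```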

FrankBijnen commented 2 weeks ago

@PaulCoddington

Tried to reproduce it, by first updating virus definitions, downloading via Chrome, and executing installer with all options. No problems so far here. But that doesn't mean they will not appear sometime.

I fear it will be a 'cat and mouse game'. Eventually I might give in and postpone this project.

Philshappy commented 2 weeks ago

Since the portable version doesn't appear to have this issue, would it be possible to continue with the portable version? This tool is so valuable it would be sad not to continue it.

FrankBijnen commented 2 weeks ago

Thanks for your high opinion.

I'm just postponing, not abandoning.

It may help if lots of people report this as a false positive to MS.