LiEnby / FlashPatcher

.NET program to remove timebomb from Adobe Flash Player
MIT License
125 stars 19 forks

Heur.AdvML.C detected: Flash.Patcher.exe removed by Norton #19

Open bobberlin opened 2 years ago

bobberlin commented 2 years ago

Wanted to install your 1.7 flash patcher but Norton removed it due to risk: Heur.AdvML.C. Has a virus got into your exe, or is there another explanation? Thanks, bob

iocmet commented 1 year ago

This patches system files to make Flash work, like viruses do to inject payloads, so antiviruses give false positive detections.

LiEnby commented 1 year ago

> This patches system files to make Flash work, like viruses do to inject payloads, so antiviruses give false positive detections.

Yes, for some reason, Flash installs itself to the system32 folder, using the highest possible Windows permission, "TrustedInstaller"... so this program has got code to change the permissions of the Flash player to "Administrators" so that it can be edited.

This application also makes use of the scheduled tasks API to disable that 'please uninstall Flash' nag message... which is also something often abused by viruses (i.e. to make themselves run at startup, or to elevate privileges).

If you look at that detection, you'll see it's got "Heur", which is for "heuristics", which is basically a fancy thing to, rather than detect already-known viruses, look at what the code of a program is doing and determine purely from that whether it is malicious or not; so, it makes sense if it's seeing those things.
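A defender-side way to confirm the two side effects LiEnby describes (an ownership change away from TrustedInstaller, and a scheduled task touching Flash), as an added example that is not FlashPatcher's own code: it reports files under a directory whose owner is no longer TrustedInstaller and lists scheduled tasks whose name or action mentions Flash. The Flash directory and the `*flash*` pattern are assumptions; adjust them for the machine being audited.

```powershell
# Added example (not FlashPatcher code): audit the two side effects
# discussed in the issue. The directory and name pattern are assumptions.
param(
    [string]$FlashDir    = "$env:SystemRoot\System32\Macromed\Flash",  # assumed install dir
    [string]$TaskPattern = '*flash*'                                   # assumed task/action pattern
)

$expectedOwner = 'NT SERVICE\TrustedInstaller'

# 1. Ownership audit: Windows-protected files are owned by TrustedInstaller.
#    An owner of BUILTIN\Administrators (or a user) means something rewrote the ACL.
if (Test-Path -LiteralPath $FlashDir) {
    Get-ChildItem -LiteralPath $FlashDir -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $owner = (Get-Acl -LiteralPath $_.FullName).Owner
            if ($owner -ne $expectedOwner) {
                [pscustomobject]@{
                    Check = 'OwnerChanged'
                    Path  = $_.FullName
                    Owner = $owner
                }
            }
        }
} else {
    Write-Warning "Flash directory not found: $FlashDir"
}

# 2. Scheduled-task audit: tasks whose name or action references Flash,
#    including ones that are now Disabled (the nag-message task in the issue).
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object {
        $_.TaskName -like $TaskPattern -or
        ($_.Actions | Where-Object { "$($_.Execute) $($_.Arguments)" -like $TaskPattern })
    } |
    ForEach-Object {
        [pscustomobject]@{
            Check    = 'FlashTask'
            TaskName = $_.TaskName
            TaskPath = $_.TaskPath
            State    = $_.State
            Actions  = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    }
```

Run it from an elevated PowerShell so Get-Acl and Get-ScheduledTask can read every entry; an empty result for both checks means neither change is present on that machine.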