MaxvandeLaar / homey-community-store


Windows Defender Antivirus has detected malware #21

Closed korkmazk closed 4 years ago

korkmazk commented 4 years ago

Describe the bug

Windows Defender blocks installation of Homey.Community.Store.Setup.0.3.0.exe

To Reproduce

Download and run the installer

Expected behavior

The installer would install without any trojan notifications from Windows Defender

Screenshots

file: C:\Users[removed]\Downloads\Homey.Community.Store.Setup.0.3.0.exe

webfile: C:\Users[removed]\Downloads\Homey.Community.Store.Setup.0.3.0.exe|https://github-production-release-asset-2e65be.s3.amazonaws.com/246362513/779da980-9f76-11ea-994a-66113ea1e186?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200527%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200527T071830Z&X-Amz-Expires=300&X-Amz-Signature=8009f383786ce9faf9c6cf298e18feda7c99e9d86fa58baaca4752aff5419ce3&X-Amz-SignedHeaders=host&actor_id=36696488&repo_id=246362513&response-content-disposition=attachment%3B%20filename%3DHomey.Community.Store.Setup.0.3.0.exe&response-content-type=application%2Foctet-stream|pid:3764,ProcessStart:132348693407215342

Desktop (please complete the following information):

Additional context

Windows Eventlog details:

Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.C!cl&threatid=2147718736&enterprise=1
Name: Trojan:Win32/Fuery.C!cl
ID: 2147718736
Severity: Ernstig
Category: Trojaans paard
Path: file:_C:\Users[removed]\Downloads\Homey.Community.Store.Setup.0.3.0.exe; webfile:_C:\Users[removed]\Downloads\Homey.Community.Store.Setup.0.3.0.exe|https://github-production-release-asset-2e65be.s3.amazonaws.com/246362513/779da980-9f76-11ea-994a-66113ea1e186?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A4.18.2004.6F202005274.18.2004.6Fus-east-14.18.2004.6Fs34.18.2004.6Faws4_request&X-Amz-Date=20200527T071830Z&X-Amz-Expires=300&X-Amz-Signature=8009f383786ce9faf9c6cf298e18feda7c99e9d86fa58baaca4752aff5419ce3&X-Amz-SignedHeaders=host&actor_id=36696488&repo_id=246362513&response-content-disposition=attachment{CD435AB7-9292-4DE7-B3DA-80752873EA28}B[removed]filename{CD435AB7-9292-4DE7-B3DA-80752873EA28}DHomey.Community.Store.Setup.0.3.0.exe&response-content-type=application4.18.2004.6Foctet-stream|pid:3764,ProcessStart:132348693407215342
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
User: [removed]
Process Name: Unknown
Security intelligence Version: AV: 1.317.35.0, AS: 1.317.35.0, NIS: 1.317.35.0
Engine Version: AM: 1.1.17100.2, NIS: 1.1.17100.2

MaxvandeLaar commented 4 years ago

@korkmazk I don't have Windows so it's hard for me to understand what is wrong. Note that the software is not signed with a certificate so that just might be the problem.

Seems to be a false positive: https://github.com/electron-userland/electron-builder/issues/4793. I may be able to fix it by changing a build setting for Windows; however, that would mean Windows won't completely remove all app data when uninstalling.

korkmazk commented 4 years ago

I did run it through a VirusTotal scan and only one out of 67 engines marked it as a virus due to being a packed exe, so false positive. https://www.virustotal.com/gui/file/fd8e612077aebb01e3c620cb870eacd81f40ec03d600ff690236ace77149cc9e/detection

Thx for the update, I will whitelist the executable and continue.
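Added example, not part of the original thread or the project's code: a check that the file Defender flagged is byte-for-byte the sample the linked VirusTotal report covers, which is what an allowlisting decision based on that report relies on. It parses a flattened Defender event message like the one in the issue and compares the file's SHA-256 with the hash embedded in the VirusTotal link; the function names and the shortened sample event are assumptions made for illustration.

```python
import hashlib
import re

# Field labels as they appear in the Defender event text quoted in the issue.
LABELS = ["Security intelligence Version", "Detection Origin", "Detection Type",
          "Detection Source", "Process Name", "Engine Version", "Name", "ID",
          "Severity", "Category", "Path", "User"]
LABEL_RE = re.compile(r"\b(" + "|".join(map(re.escape, LABELS)) + r"): ")

def parse_defender_event(message):
    """Split a flattened event message into {label: value}."""
    hits = list(LABEL_RE.finditer(message))
    fields = {}
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(message)
        fields.setdefault(hit.group(1), message[hit.end():end].strip())
    return fields

def detected_file(fields):
    """Return the local path from the 'file:_' entry of the Path field."""
    for part in fields.get("Path", "").split(";"):
        if part.strip().startswith("file:_"):
            return part.strip()[len("file:_"):]
    return None

def sha256_from_vt_url(url):
    """Extract the sample hash from a VirusTotal /file/<sha256> link."""
    m = re.search(r"/file/([0-9a-fA-F]{64})(?:/|$)", url)
    return m.group(1).lower() if m else None

def file_sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def matches_scanned_sample(path, vt_url):
    """True only if the file on disk is the exact sample the report covers."""
    expected = sha256_from_vt_url(vt_url)
    return expected is not None and file_sha256(path) == expected

# Constructed sample modelled on the event in the issue (paths shortened).
SAMPLE_EVENT = (
    "Name: Trojan:Win32/Fuery.C!cl ID: 2147718736 Severity: Ernstig "
    "Category: Trojaans paard Path: file:_C:\\Downloads\\Setup.exe; "
    "webfile:_C:\\Downloads\\Setup.exe|https://example.invalid/a "
    "Detection Origin: Internet Detection Type: FastPath "
    "Detection Source: Downloads and attachments User: [removed] "
    "Process Name: Unknown")
```

A mismatch means the VirusTotal verdict says nothing about the local file, for example because a different release or a re-downloaded copy was scanned.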

MaxvandeLaar commented 4 years ago

@korkmazk okay, thanks for the update!