Closed lapp0 closed 3 years ago
Thank you for detailing how you managed to get Windows Defender to stop deleting it.
I've found that Windows Defender also has been updated now and can delete files within a 7zip archive. But regardless of this, users can always check the Windows Defender history and go through the threats and choose to allow them.
Or users can whitelist a folder, but I chose not to show users how to do so in the interest of not causing security issues for users.
As for signing, I attempted that in one of the previous releases but it did not stop it from triggering the virus detection. Like I have stated in the documentation, it is due to 2 features of the program:
I don't know a way around this issue yet. The only thing I've seen is to contact the virus scanners and request a whitelist of the program, but because I am still working on it and updating it, I'd rather not. That said, this is also why people should only ever download this program from this repository. If some malicious person replaced the ffmpeg.exe file with a virus then it'd be dangerous. Thankfully, however, the proper ffmpeg program doesn't get detected as a virus. So if it ever does, users can and should go and download the ffmpeg program themselves.
Thank you for providing a breakdown on how you solved the issue. I will update the documentation to include a link to your comment as well as provide a way to safely ensure ffmpeg is safe for users who'd like to take extra precautions.
I will close this issue once the documentation is updated.
Kind Regards.
Virus scan for release executable https://www.virustotal.com/gui/file/e4fd31a1e92454e7c7964180cbd4051a14d5a8036097fa0141fb193f6a72d122/detection
I'm aware of the virustotal results of the executable. The debug version also produces different results.
The rest are most likely triggering from CreateProcess. You can google other users using the CreateProcess function and having similar issues. I don't have a way around that yet.
My understanding is the fix involved removing link.exe in the build https://github.com/horsicq/DIE-engine/compare/851176f03b82bacd7954bb2b21b4183dee397f36..2bf491dfd62f4282693b17066cc0a8e6b00043a5#diff-0d42097698da2d7b3c23030021047bd316d946e9f69fc854d2013d7bf8dd0c81L58
You don't use link.exe in your build (at least not explicitly in this repo), but maybe that link above has a hint. Sorry I can't be of more help, Windows builds aren't my wheelhouse.
Thanks for digging that up for me. Much appreciated!
Yeah I noticed that the build files in that linked repo started using qmake.exe to perform the builds. I'll look into link.exe and see if I can remove it from the build process if it's present. I'm just hoping it isn't the actual linker program because then removing it would not be possible.
You've been very helpful. Please no apologies necessary :)
Upvoted this on VirusTotal and left a brief description. I also marked it as safe on Hitman Pro. Hope this helps somehow.
The current docs don't work because switch-remote-play-host is automatically deleted when extracted, both from 7zip and zip. There is no option in Windows Defender to allow this program before or after it's run. To resolve this you must
switch-remote-play-host
switch-remote-play-host
folderTrojan:Win32/Wacatac.D6!ml
,switch-remote-play
doesn't include malware. I have no idea whether it does! Please check for yourself, it is a good security practice. Note, a quick review appears that this often is the result of unsigned binaries. Perhaps a separate issue should be created to sign your releases?