NiklasGollenstede
commented
6 years ago Wow. This is really what I needed -.-
But thank's a lot for this comprehensive description. I do appreciate it and will look into it. The first thing I will do is to compile the current version in a fresh VM with only Visual Studio installed, to rule out the possibility that my desktop PC where I built both files in question wasn't infected without my knowledge and that spread into the files. I can't access that PC anymore, so checking it won't be an option.
For me, Windows Defender keeps putting native-ext-v0.2.1-win-x64.exe in quarantine, but leaves the other versions in place.
I'll report back once I know more. It would be especially interesting to know this section of the executable the virus programs identify as Trojan.
So I downloaded and ran native-ext-v0.2.1-win-x64.exe which installed on my Windows 10 x64 system just fine and ran as expected [Edit: Actually not, I thought it did but while the program said it was successful, the reStyle extension still can't talk to it, I may open another issue about that].
I'm pretty sure that the current version of reStyle on AMO uses the startup test function in NativeExt v0.2.2.
I guess until this is resolved, you could run NativeExt from source:
- install node.js 8+
- https://github.com/nodejs/node-gyp#option-1
git clone https://github.com/NiklasGollenstede/native-ext.gitcd native-ext && npm install && node . install
I just found this program via a link in the reStyle add-on that I found and I like the idea of a program to enable WebExtensions to do some things that were possible with XUL/XPCOM add-ons (Though I would prefer Mozilla just both support for XUL/XPCOM add-ons and WebExtensions at the same time so an add-in can use whichever one works best for the add-on they are developing so I'm only testing Firefox 57 right now to see if WebExtensions will work for me, my main browser is Waterfox 56, a browser based on Firefox 56 with back ports of security fixes from Firefox 57+).
I downloaded and ran native-ext-v0.2.2-win-x64.exe to install this package but while it installed on my Windows 10 x64 system, running bin.exe resulted in a not supported message from Windows 10 (Which I would guess is due to an unrelated issue).
So I downloaded and ran native-ext-v0.2.1-win-x64.exe which installed on my Windows 10 x64 system just fine and ran as expected [Edit: Actually not, I thought it did but while the program said it was successful, the reStyle extension still can't talk to it, I may open another issue about that].
However, Windows Defender then popped up and said native-ext-v0.2.1-win-x64.exe had been quarantined due to containing a trojan.
I restored the file from the quarantine and decided to scan both files with VirusTotal and found a few scan engines said the exes were trojans too (Oddly, the Microsoft scanner used by VirusTotal didn't find anything wrong).
I have used multiple small software projects over the past years, some closed source and some open source and have found many of them can get falsely Identified as Malware or marked as suspicious by a web browser because few people used the program even though when the program was perfectly safe.
I have little experience with this software but I see no reason to believe that it contains a trojan just based on my experience of looking at software and knowing how programs for Windows typically operate.
Unfortunately, most people don't have the technical knowledge to know when their AV software is incorrect and could mistakenly think your software has malware in it.
I'm not sure exactly how to fix this problem, I guess you would need to either contact the AV people to tell them it's a false positive and/or figure why those AVs flag your software so it can avoid doing things that cause the flagging to happen.
I would guess that because the program involves auto installation when run and possibly due to it using batch scripts (A little unusual for most software) are things that could be causing Windows Defender to flag the file as a trojan but I don't know for sure.
References: * The VirusTotal results page for native-ext-v0.2.2-win-x64.exe. * The VirusTotal results page for native-ext-v0.2.1-win-x64.exe. * A screen shot of Windows Defenders results popup for native-ext-v0.2.1-win-x64.exe. * Windows Defender's Learn More link is here though it isn't really that helpful.