Closed ThomasHedden closed 3 months ago
daringer
commented
4 months ago Yes, we've seen this before - these tools look for (python) packages and flag them as malware because it was used in some malware before - we aim for a signed binary & msi for the next release to avoid this. You can help here by telling these tools that nitrokey app2 is not malware, they tend to collect this information.
ThomasHedden
commented
4 months ago Thank you for your quick response.
Yes, we've seen this before - these tools look for (python) packages and flag them as malware because it was used in some malware before - we aim for a signed binary & msi for the next release to avoid this. OK. You can help here by telling these tools that nitrokey app2 is not malware, they tend to collect this information. I have done this. FYI here is the threat log provided by Webroot SecureAnywhere and also the message that I sent to them.
Automated Cleanup Engine Starting Cleanup at 31/01/2024 - 20:21:56 GMT
Starting Routine> Removing C:\Program Files\Nitrokey\Nitrokey-App\nitrokey-app.exe...#(PX5: 0DE838A0818DB19E1DBA7A2FCF74E0008D9ACD1C - MD5: B1EA55C37AAB59978DFF87ACCC2AF615 - UniqueID: CE342978)... Deleting File> C:\Program Files\Nitrokey\Nitrokey-App\nitrokey-app.exe
Automated Cleanup Engine Starting Cleanup at 31/01/2024 - 22:10:39 GMT
Starting Routine> Removing C:\Program Files\Nitrokey\Nitrokey-App\nitrokey-app.exe...#(PX5: 0DE838A0818DB19E1DBA7A2FCF74E0008D9ACD1C - MD5: B1EA55C37AAB59978DFF87ACCC2AF615 - UniqueID: 0C4B7CD8)... Deleting File> C:\Program Files\Nitrokey\Nitrokey-App\nitrokey-app.exe
[subject] Nitrokey app 2 flagged as malware I recently purchased the Nitrokey 3A mini, a hardware security key: https://shop.nitrokey.com/shop/nk3am-nitrokey-3a-mini-149#attr= There is an app that is used with it, called the Nitrokey app 2 (there is an earlier app 1 that is used for older Nitrokey products). I tried to install the Nitrokey app 2, and Webroot SecureAnywhere flagged it as malware and deleted it. I cannot submit the file through your app because it was deleted. However, I can provide the repository where I got the installer: https://github.com/Nitrokey/nitrokey-app2/releases Scroll down to v2.1.5, which is the current release (the pre-release is farther up on the webpage). I downloaded the file having the filename "nitrokey-app-v2.1.5-x64-windows-installer.msi". By the way, before running the installer I scanned it with Webroot SecureAnywhere, and the installer was NOT identified as malware. I ran the installer and Webroot SecureAnywhere deleted it. Not only did it delete it, but it apparently changed the permissions on the installation folder so that if the installer is run again, the flagged file cannot be written to that directory. I reported this as an issue on the Github repository for the Nitrokey app 2, and one of the developers told me that the problem is that it is a Python package. Please work this out with the developers so that I can install the Nitrokey app 2. Thank you, Tom Hedden
daringer
commented
4 months ago cool, thanks for addressing them, although I would be pretty sure they will say that it should be signed -- looking forward to their reply ;)
mmerklinger
commented
3 months ago The latest version 2.2.1 provides a signed binary and installer. Hence, it should solve the issue for you. I will close this issue for now, but please feel free to reopen or reply if you encounter the problem again.
On Windows 11 Home version 23H2 build 22631.2861, Webroot SecureAnywhere CE 24.1 flags the Nitrokey 2 app as malware. Installing from nitrokey-app-v2.1.5-x64-windows-installer.