NiyaShy / XB1ControllerBatteryIndicator

A tray application that shows a battery indicator for an Xbox-ish controller and gives a notification when the battery level drops to (almost) empty.
GNU General Public License v2.0
730 stars 52 forks source link

Virus total Has false positives #70

Closed ajaykaps closed 1 year ago

ajaykaps commented 2 years ago

https://www.virustotal.com/gui/file/7ec99a51963ff8cc5600e27307a61fe6c0199d49763fbecef750c4cad929e199

NiyaShy commented 2 years ago

Thanks for the heads-up. Accidentally still had some debugging stuff in the EXE, though a second version without them that I just created (and uploaded) still gets some hits (see here).

The thing is: I can't do much about it. Aside from MalwareBytes I've never heard of the other scanners, so with such obscure ones it's always more likely that they create false positives. So I guess for now you'll have to take my word for it that there is nothing fishy about the program, after all the source code can be viewed here on github, and the only "extra" that gets added is the stuff Visual Studio does to create the program.

ajaykaps commented 2 years ago

Yes, I know they are false positives, been using your fantastic software since 2019 , no issues so far :) Thank you for that.

NiyaShy commented 2 years ago

Just read through some of the pinned posts on MalwareBytes support forum for reporting false positives, and they explicitly state that the command line version of MBAM that VT uses is way more aggressive than the normal desktop version. So there's a good chance that only VT flags it but users who have MBAM installed won't get a warning. That combined with the other hits being from uncommon scan engines should be sign that the hits can be safely ignored.

Alistair1231 commented 2 years ago

I just got a Virus warning from Windows Defender itself. It's only recognized as a Hacktool/Crack, but it still might alarm some people. image

NiyaShy commented 2 years ago

Hm, interesting... Just tried on my own machine with a freshly updated Defender pattern (1.379.558.0) and it found nothing, neither the "live" component when I started 1.3 and the 1.4 "pre-release" nor via a direct scan of my local code/binary folder... So it most likely was only in a certain pattern version that already got replaced/updated.

Alistair1231 commented 2 years ago

Yeah, I think it was a coincidence, I got another warning today for another program. Yesterday, after I removed the exception I couldn't reproduce it. But today I got the warning again and checked the details, it wasn't your tool. I think it was just unlucky timing that I got the alarm just as I was extracting your program. I allowed the "virus", before checking the details of the detection, which states the executable in question. After you allow something, the exception doesn't show what you're allowing, so I mistakenly thought it was your software. Really stupid design imo. Sorry.