Notifiarr / notifiarr

Client for Notifiarr.com
https://notifiarr.com
MIT License

Chrome, Windows Defender, and others flagging as virus #748

Open PicantePeperoni opened 3 months ago

PicantePeperoni commented 3 months ago

Windows Defender flagged as a Trojan in its latest quick scan and quarantined the exe and process. I assume that this is due to the hidden PowerShell changes but might not be.

During re-download, Chrome also blocked the file so I checked the SHA256 and ran it through VirusTotal.

https://www.virustotal.com/gui/file/1704400cac8411fd98bdef3bdb4c116f1e561671b7f11f7de3e6d79e7a87f4a2/detection

Looks like false positives but wanted to make sure you are aware.

davidnewhall commented 3 months ago

Thanks for your report. Windows sucks. :) If I used it, I might be able to fix this junk.

And to be completely fair, this application is really no different than a trojan. It collects all your system data and sends it off to the Internet (for notifications). It also has a tunnel feature that allows incoming traffic to bypass most firewalls. This allows the website to interact with the clients. It's really all about trust, and these multi-billion-dollar corporations want you to believe they have your best interest in mind by asking if you really trust me. Toolbarr is even signed and throws similar warnings in Windows.

Getting Microsoft and Google to trust us may not be easy.

What are these 'hidden powershell changes' to which you referred?

PicantePeperoni commented 3 months ago

That's what I assumed also and thank you for the details.

For the hidden PowerShell, I was referring to the match with the Sigma rule: "Matches rule Non Interactive PowerShell Process Spawned by Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) at Sigma Integrated Rule Set (GitHub). Detects non-interactive PowerShell activity by looking at the 'powershell' process with a non-user GUI process such as 'explorer.exe' as a parent."

While I had warnings with previous versions of the software during download, it wasn't until v0.7.3 May 29, 2024 that Windows Defender took action and quarantined the process and exe. I thought I had seen a release note that this version switched to a background cmd prompt but I could be wrong about that.
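The Sigma rule quoted above keys on the parent of the PowerShell process, not on what the script does. The following is an added example (not part of this issue or the Notifiarr code) that reimplements that description in simplified form over constructed process-creation events; the exact image and parent-process lists in the published rule are assumed, not copied, so treat this as an illustration of the logic rather than the rule itself.

```python
"""Simplified model of the Sigma rule 'Non Interactive PowerShell Process
Spawned': flag a PowerShell process whose parent is not an interactive
user GUI process such as explorer.exe. Assumption: the real rule's image
and filter lists are longer; only the quoted description is modelled."""

from dataclasses import dataclass

# Parents treated as interactive user sessions (assumption: the published
# rule filters explorer.exe among others; only that idea is modelled here).
INTERACTIVE_PARENTS = {"explorer.exe"}
# Child images that count as PowerShell (assumption, mirroring common rule sets).
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


@dataclass
class ProcessEvent:
    image: str         # full path of the created process
    parent_image: str  # full path of the parent process
    command_line: str


def basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_non_interactive_powershell(ev: ProcessEvent) -> bool:
    """True when a PowerShell child was spawned by a non-interactive parent."""
    if basename(ev.image) not in POWERSHELL_IMAGES:
        return False
    return basename(ev.parent_image) not in INTERACTIVE_PARENTS


def matches(events):
    """Return the events the simplified rule would flag."""
    return [ev for ev in events if is_non_interactive_powershell(ev)]


# Constructed sample events (not real telemetry from any host).
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\explorer.exe", "powershell.exe"),
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\ExampleApp\exampleapp.exe",
                 "powershell.exe -NoProfile -Command Get-Service"),
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 r"C:\Program Files\ExampleApp\exampleapp.exe", "cmd.exe /c dir"),
]

if __name__ == "__main__":
    for ev in matches(SAMPLE_EVENTS):
        print("match:", ev.parent_image, "->", ev.command_line)
```

Only the second event matches: a background service (here the constructed exampleapp.exe) running PowerShell to collect system data is exactly the shape this rule reports, so triaging such a hit means reviewing the parent binary rather than treating the match as proof of malware.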

davidnewhall commented 3 months ago

This version removed the 'background' command/terminal window. It now acts like a GUI-only process in the eyes of Windows.

PicantePeperoni commented 3 months ago

Makes sense. I was trying to draw a pattern between this update and Windows. All of the old version EXEs are in that same folder and Windows Defender doesn't have any problem with them. But maybe Defender updated its definitions and maybe that's why. Only Windows knows what it does; we can only guess.

davidnewhall commented 1 month ago

I'll close this when I sign the Windows exe file and remove the nasty Microsoft warnings.