PortableApps / Toucan

sync, backup and secure, all in one place
http://portableapps.com/apps/utilities/toucan
GNU General Public License v2.0

Windows Defender detects a Trojan: Win32/Pocyx.C!cl #11

Closed cacophobe closed 8 years ago

cacophobe commented 8 years ago

Windows Defender on Windows 10 reports a Trojan, Win32/Pocyx.C!cl, and quarantines the downloaded file (Toucan_3.1.4.paf.exe):

Detected Item: Win32/Pocyx.C!cl
Category: Trojan
Alert level: Severe
Date: 23/08/2016 00:58
Action taken: Quarantine
Detection method: Standard

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items: 
file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\3EC91245-366B-641A-FC1B-34AA85EA73A0_1d1fd744ef2a7df
file:F:\Toucan_3.1.4.paf.exe
webfile:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\3EC91245-366B-641A-FC1B-34AA85EA73A0_1d1fd744ef2a7df|https://github-cloud.s3.amazonaws.com/releases/30209013/798ea8b0-394b-11e6-807e-589206718876.exe?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISTNZFOVBIJMK3TQ%2F20160822%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20160822T192525Z&X-Amz-Expires=300&X-Amz-Signature=c8c3271149aaca8a17047b45ca304da7836df8c4361646f5a0b4ed2c1e0b25d7&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DToucan_3.1.4.paf.exe&response-content-type=application%2Foctet-stream|chrome.exe
webfile:F:\Toucan_3.1.4.paf.exe|https://github-cloud.s3.amazonaws.com/releases/30209013/798ea8b0-394b-11e6-807e-589206718876.exe?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISTNZFOVBIJMK3TQ%2F20160822%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20160822T192525Z&X-Amz-Expires=300&X-Amz-Signature=c8c3271149aaca8a17047b45ca304da7836df8c4361646f5a0b4ed2c1e0b25d7&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DToucan_3.1.4.paf.exe&response-content-type=application%2Foctet-stream|chrome.exe

Windows Defender Version Info:

Antimalware Client Version: 4.10.14393.0
Engine Version: 1.1.13000.0
Antivirus definition: 1.227.372.0
Antispyware definition: 1.227.372.0
Network Inspection System Engine Version: 2.1.12706.0
Network Inspection System Definition Version: 116.22.0.0
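The detection record above is easier to triage once it is turned into structured data: detection name, the quarantined local paths, and for each "webfile" item the download URL and the process that fetched it. Note that the URL Defender logged is a presigned S3 link: its query string carries an access key id (X-Amz-Credential) and a signature, so a report should redact those before it is pasted anywhere. The parser below is an added example, not code from the issue or from the Toucan project; its sample input is constructed to mirror the record above, with placeholder values in place of the real credential and signature.

```python
"""Parse a Windows Defender detection record of the shape shown in the issue.

Added example (not part of the issue or the Toucan project). The SAMPLE text
is constructed to mirror the pasted record; EXAMPLEKEY / EXAMPLESIG / STASH-GUID
are placeholders, not the values from the original report.
"""
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters of a presigned S3 URL that should never be shared as-is.
SENSITIVE_PARAMS = {"x-amz-credential", "x-amz-signature", "x-amz-security-token"}

SAMPLE = r"""
Detected Item: Win32/Pocyx.C!cl
Category: Trojan
Alert level: Severe
Date: 23/08/2016 00:58
Action taken: Quarantine
Detection method: Standard

Items:
file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\STASH-GUID_1d1fd744ef2a7df
file:F:\Toucan_3.1.4.paf.exe
webfile:F:\Toucan_3.1.4.paf.exe|https://github-cloud.s3.amazonaws.com/releases/30209013/EXAMPLE.exe?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=EXAMPLEKEY%2F20160822%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20160822T192525Z&X-Amz-Expires=300&X-Amz-Signature=EXAMPLESIG&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DToucan_3.1.4.paf.exe|chrome.exe
"""


@dataclass
class DefenderDetection:
    name: str = ""
    category: str = ""
    alert_level: str = ""
    action: str = ""
    files: list = field(default_factory=list)      # quarantined local paths
    downloads: list = field(default_factory=list)  # (local path, redacted URL, fetching process)


def redact_url(url: str) -> str:
    """Replace credential/signature query parameters with the literal REDACTED."""
    parts = urlsplit(url)
    query = [
        (key, "REDACTED" if key.lower() in SENSITIVE_PARAMS else value)
        for key, value in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment))


def parse_detection(text: str) -> DefenderDetection:
    """Turn the key/value header and the Items list into a DefenderDetection."""
    det = DefenderDetection()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("file:"):
            det.files.append(line[len("file:"):])
        elif line.startswith("webfile:"):
            # Format observed in the record: <local path>|<download URL>|<process>
            fields = line[len("webfile:"):].split("|")
            path = fields[0]
            url = fields[1] if len(fields) > 1 else ""
            process = fields[2] if len(fields) > 2 else ""
            det.downloads.append((path, redact_url(url), process))
        elif ":" in line:
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            if key == "detected item":
                det.name = value
            elif key == "category":
                det.category = value
            elif key == "alert level":
                det.alert_level = value
            elif key == "action taken":
                det.action = value
    return det


def download_hosts(det: DefenderDetection) -> set:
    """Hosts the quarantined files were downloaded from (useful for triage)."""
    return {urlsplit(url).netloc for _, url, _ in det.downloads if url}


if __name__ == "__main__":
    detection = parse_detection(SAMPLE)
    print(detection.name, detection.category, detection.action)
    print("downloaded from:", download_hosts(detection))
    for path, url, process in detection.downloads:
        print(f"{process} fetched {path} from {url}")
```

The redacted URL still shows the origin host and object path, which is what a vendor false-positive submission or an internal ticket needs; the expiring signature and the access key id add nothing to that and are dropped.
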

alex-ter commented 8 years ago

Thanks for the report, this is a false positive. My Avast installation was saying the same until I reported that, so I suggest you do the same. The binary is compressed with the PortableApps file packer (and then wrapped into the PortableApps installer); that's probably causing the suspicion.

alex-ter commented 8 years ago

Here's a report from VirusTotal.com, which checked it with more than 50 various antiviruses - a confirmation that it's a false positive. Only four antiviruses flagged something, and all of them were "suspicions", not actual detections. Unfortunately there's no way I can influence that, as all the tools used are standard PortableApps ones and there's only one way to use them. So please just report that to your antivirus vendor as a false positive and it should be corrected by them.