RandomEngy / VidCoder

A Blu-ray, DVD and video file transcoder for Windows.
http://vidcoder.net
GNU General Public License v2.0
693 stars 42 forks

Ransomware warning from TrendMicro re VidCoder 6.12 Beta #683

Closed juzzle closed 3 years ago

juzzle commented 4 years ago

Here's the report

Date/Time,Threat,From,Version,Copyright,Detected Resource or Process ID,Response
6/09/2020 11:04,C:\Users\\AppData\Local\Temp\is-OPA33.tmp\VidCoder-6.12-Beta.tmp,Unknown,,,C:\Users\\AppData\Local\Temp\is-OPA33.tmp\VidCoder-6.12-Beta.tmp,Terminated

Seems that three JPEGs were created (thumbs) in temp directory

RandomEngy commented 4 years ago

These are temporary files that Inno Setup creates to track the install progress. Pretty sure this is normal behavior.
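A triage sketch for the report quoted above, added here as an example and not code from the VidCoder project or from either commenter. It parses the CSV export and labels a detected path that has the shape of an Inno Setup extracted stage, so the analyst knows which downloaded installer to hash and signature-check next. The `is-XXXXX.tmp` pattern, the label names and the function names are assumptions of this example.

```python
import csv
import io
import ntpath
import re

# Constructed sample: the header and row from the report quoted in this thread.
REPORT = (
    "Date/Time,Threat,From,Version,Copyright,Detected Resource or Process ID,Response\n"
    r"6/09/2020 11:04,C:\Users\\AppData\Local\Temp\is-OPA33.tmp\VidCoder-6.12-Beta.tmp,"
    r"Unknown,,,C:\Users\\AppData\Local\Temp\is-OPA33.tmp\VidCoder-6.12-Beta.tmp,Terminated"
    "\n"
)

# Assumption: Inno Setup unpacks its second stage to <Temp>\is-XXXXX.tmp\<installer>.tmp
INNO_DIR = re.compile(r"^is-[0-9A-Z]{5}\.tmp$", re.IGNORECASE)


def classify(path):
    """Label a detected Windows path by shape only; this is not a verdict."""
    parent, leaf = ntpath.split(path)
    in_temp = any(part.lower() == "temp" for part in parent.split("\\"))
    is_stage_dir = bool(INNO_DIR.match(ntpath.basename(parent)))
    if in_temp and is_stage_dir and leaf.lower().endswith(".tmp"):
        return "inno-setup-stage"
    return "unclassified"


def triage(report_text):
    """Return one dict per report row with the fields needed for follow-up."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        path = row["Detected Resource or Process ID"]
        label = classify(path)
        stem = ntpath.splitext(ntpath.basename(path))[0]
        findings.append({
            "when": row["Date/Time"],
            "path": path,
            # True when the flagged process and the flagged resource are the same file
            "self_detected": row["Threat"] == path,
            "response": row["Response"],
            "label": label,
            # The installer whose hash and signature should be verified next
            "verify_installer": stem + ".exe" if label == "inno-setup-stage" else None,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(REPORT):
        print(finding)
```

The label describes only where the flagged file came from; whether the installer is trustworthy still rests on checking its published hash or signature.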

juzzle commented 3 years ago

Hi David,

This keeps happening with Trend 😐


RandomEngy commented 3 years ago

Could you report the file as safe to them?

juzzle commented 3 years ago

I could do that David, but last we spoke you were going to raise this with Trend. There comes a point where I have to ask myself "maybe there's something in this report" - I mean I can take your word for it once or twice, but ..

Regards, Justin



RandomEngy commented 3 years ago

Understandable.

I did report the file as safe to a bunch of AV providers. But most of them are not responsive, and there are so many AV providers that it would take an inordinate amount of time to do that for every release.

If you click on my GitHub profile, you can see that I work for Microsoft. They pay me well enough that it wouldn't be worth doing anything shady.

I've recently started digitally signing VidCoder releases, so hopefully this will eventually help with the virus false positives.

Has your computer ever been locked and held for ransom? That's what the "ransomware" warning claims would happen.

juzzle commented 3 years ago

Thanks for understanding David, and I feel your pain getting AV providers to listen. I guess my concern is not directed at something you’d do intentionally, but rather a PUA that your app might depend on (i.e., sneak in through a back door).

Has my PC ever been locked for ransom? No, but that’s pretty much a one way ticket so I will do everything I can to fall into that trap.

Justin


RandomEngy commented 3 years ago

All the dependencies are open source. Not a guarantee against foul play, but it helps.

As for third party antivirus, I've always considered it malware in and of itself, based on how it bogs down the system and finds false positives.

I now have an especially dim view of it based on how it's telling so many people my software is malware. I've had people coming to me for years with many different viruses and trojans VidCoder has been mis-identified as.

Anyway, not to say your report isn't appreciated. More of a rant about the state of AV in general.

juzzle commented 3 years ago

I appreciate the feedback David – thank you
