Anti-Virus Programm deletes suspicious file after unpacking files.

[mlem]

Hi,

my anti-virus scanner detects winprocess.node as HackTool Win32 Lorek g and deletes it immediately. Anyone knows if this is a false positive?

Benutzer: DESKTOP-asdf\mlem64
Benutzertyp: Aktiver Benutzer
Programmname: 7zG.exe
Programmpfad: C:\Program Files\7-Zip
Komponente: Datei-Anti-Virus
Ergebnisbeschreibung: Gelöscht
Typ: Programm, das Schaden verursachen kann
Name: HackTool.Win32.Lorek.g
Genauigkeit: Genau
Bedrohungsstufe: Mittel
Objekttyp: Datei
Objektname: winprocess.node
Objektpfad: C:\Users\mlem64\Downloads\Net64plus_2.5.2-win32-x64\client\Net64+-win32-x64\resources\app
MD5: 1ACDD9E47FF01CF2CF04312578684ADA```

[Tarnadas]

Hey, winprocess.node is a Nodejs native module (https://www.npmjs.com/package/winprocess) that allows usage of Windows functions to read and write to memory. Some anti virus programs flag this as suspicious. It can certainly be used harmfully, but we don't. We only attach to the emulator.

[mlem]

Thanks for clarifying. Hopefully this issue-ticket helps the next person with this problem.