search

Yutaka-Sawada / MultiPar

Parchive tool
1k stars 44 forks source link

Version 1.3.3.0 being detected as a virus by Microsoft #105

Closed SigmaTheDJ closed 1 year ago

SigmaTheDJ commented 1 year ago

I just had this pop up on my PC: -

Virus

I downloaded the installer from GitHub, so I'm assuming it's a false positive. Just thought I would let you know.

Yutaka-Sawada commented 1 year ago

Thank you for reminding me how malware detection is obscure. If there is a problem in my source code or application, I will solve them as possible as I can. Because this is a mistake of others, I cannot do anything myself. So, no need to report this type incident. If you worry about malware, checking the file at VirusTotal would be good.

You may see VirusTotal result. A sandbox "Yomi Hunter" flags the file as MALWARE. It points some basic features in MultiPar.exe like following. It runs another .EXE file. It creates short-cut icon. A user control it by command-line. It loads DLL. It starts batch file. It creates .INI file. It checks user's function key to show help. It gets data from clipboard for copy & paste files. As such functions are required for MultiPar's normal usage, I cannot stop them. "Yomi Hunter"'s reliability seems to be low, or it may not test actual behavior.

zjDrummond commented 1 year ago

This is happening on my system as well. Probably going to delete the files until the issue is resolved.

SigmaTheDJ commented 1 year ago

Because this is a mistake of others, I cannot do anything myself.

As the developer of the software, you can report the false positive here: -

https://www.microsoft.com/en-us/wdsi/filesubmission/

Yutaka-Sawada commented 1 year ago

As the developer of the software, you can report the false positive here:

Yes, I did yesterday. Though Microsoft received my submission, it doesn't detect anything currently. It said that MultiPar.exe was a malware some hours ago. It says that MultiPar.exe isn't a malware now. I don't know what was happen in this hours. Microsoft might find its mistake and updated its database quickly.

Microsoft Analyst comments as below:

We cannot reproduce any detection on the file. If the detection is still observed, follow the steps below to capture support log files from the system reporting detection.

VirusTotal result was changed. Though Microsoft is undetected, some others are false positive still. Do I need to report false positive to them, too ? But, I cannot find report page for "Yomi Hunter".