Open MarcoNovaro opened 3 years ago
Avast too
@ajaxray: This seems like a rather serious problem. Would you please take a moment to acknowledge this?
@justinmayer @MarcoNovaro @upadrian,
Thanks for reporting. I'll check it soon (InshaAllah).
Also hit with Trojan:Win32/Zenpack!ml by Win Def.
Mostly due to UPXing the binaries.
More detections at the latest released version. Something like half of vendors. It does seem to be mostly due to UPX compression which is linked to obfuscation of course, but there's also some other behavioral analysis, most of which is totally innocuous (like reading the system time often, obviously a utility like this would need to!) but some I have more trouble understanding fully. Would be nice to have a sufficient response to this matter.
@Ama1999 @Robert-M-Muench @shokkakhan,
I didn't find anything specific that could be changed to avoid this issue confidently. If the issue is related to only the Windows platform, is it OK to avoid compression for the Windows build?
Please suggest.
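Since the explanation in this thread is that UPX packing is what the engines react to, a release-time check that refuses to publish a packed Windows binary is a practical guard. The following is an added example, not the project's own code: it reads the PE section table directly (UPX leaves sections named UPX0/UPX1, sometimes UPX2) and includes a constructed, non-executable PE skeleton for a self-test.

```python
import struct
import sys

# Section names that UPX writes into a packed PE (assumption: default UPX naming).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image; raise ValueError if it is not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                          # section table follows the optional header
    if table + num_sections * 40 > len(data):
        raise ValueError("truncated section table")
    return [data[table + i * 40: table + i * 40 + 8].rstrip(b"\0") for i in range(num_sections)]


def is_upx_packed(data: bytes) -> bool:
    """True if any section carries a UPX name (a renamed section would evade this check)."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE32 skeleton (headers only, not runnable) for testing."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 224                                     # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    # Usage: python check_upx.py dist/*.exe  -> exit 1 if any artifact is packed
    packed = [p for p in sys.argv[1:] if is_upx_packed(open(p, "rb").read())]
    for p in packed:
        print(f"refusing to release UPX-packed binary: {p}")
    sys.exit(1 if packed else 0)
```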
I have not (yet) extensively looked through the other OS binaries to the point I could confidently say whether or not compiling without (UPX) compression would fix the issue adequately. Certainly I'd think it strange if it didn't significantly lower a lot of the more 'threat score'-oriented AV engines. However, there may also still be some other heuristics, besides UPX compression being assumed by many AV engines to be malicious almost by default, that may or may not flag your solution/env as likely malicious or compromised. Really all you can do about this, as far as I know (which is not a lot!), is things like: removing vulnerabilities or potentials for exploits, seeing as those can sometimes be flagged as malicious code or make it more likely for the code to be flagged or even disqualified in some cases (I believe, if behavior can't be classified as malicious or beneficial/neutral) as, for example, Trojans.
Sorry I couldn't really be of (much) help!
Windows Defender detects the virus Trojan:Win32/Zpevdo.B!ctv in the Windows release v0.1.0. The file uploaded to VirusTotal is detected by 8 engines (some of them with "high confidence").