Newest version is flaged by Kaspersky

bepass-org / warp-plus

Warp+Psiphon, an anti censorship utility for iran

MIT License

1.32k stars 236 forks source link

Newest version is flaged by Kaspersky #119

Open Astra060 opened 1 month ago

Astra060 commented 1 month ago

Version number 1.2.1

Describe the bug Alert is from Application Control, and it says "This program is trying to access software which can be used by criminals to harm this PC" This never happened with older releases. What did you change?

To Reproduce Copied the program from archive to a folder (any folder)

Expected behavior There is no reason for this to happen, something must be wrong with the new executable.

Desktop (please complete the following information):

OS: Win 10

Additional context I've been using this project for month, and this is a first.

abbasudo commented 1 month ago

I think this problem caused #118 . Windows defender prevented me from opening the app at first then I disabled the settings but still the app couldn't serve on a port.

markpash commented 1 month ago

Sadly proxy/vpn programs can often get flagged by antivirus programs. Generally what I do is submit a report to Microsoft and then they update their antivirus definitions through windows update. From what I've seen, when Microsoft has it in their database, other antivirus programs learn from it and stop flagging it.

Besides contacting antivirus companies each time there's a new release, there's not much I can do. (I already do this with Microsoft but I don't have time to email the others)

I'll keep this open so that others can read the comments here.

Mishasama commented 3 weeks ago

It was identified as potentially unwanted software by WD. This problem has only occurred in the last few days, perhaps there is a problem with the warp-plus's latest code, or it could be a problem with the latest virus signature database update.

markpash commented 3 weeks ago

It was identified as potentially unwanted software by WD. This problem has only occurred in the last few days, perhaps there is a problem with the warp-plus's latest code, or it could be a problem with the latest virus signature database update.

Yeah this is odd since it's been a while since windows defender has flagged the binary. The microsoft definitions used by virustotal still don't flag it, which is even more strange. I'll contact microsoft again.