Closed bdgit closed 5 years ago
I raised a similar issue: https://github.com/bramdejager/spcb/issues/82
The information from this thread suggests Windows Defender might be giving a false positive for unsigned dlls/exes.
Checking SPCB.exe, it indeed doesn't have a strong name:
v3.7 is also flagged
There is indeed no strong signing happening. I don't have a proper certificate to perform code signing. Signing it with a self-signed certificate creates other problems and does not solve this.
I'm curious if this is still an issue at the moment? Can anyone comment?
Received no reply anymore, closing the issue for now.
I can confirm that Windows Defender (ATP, too) is still flagging this application as suspicious, likely due to the lack of DLL/code signing. I was reviewing a recent alert in WD ATP on @vman's machine (we work together). Let me know if I can provide any information from the alerts that might help stop such false positive flagging in lieu of the expense/effort of code signing.
@bramdejager we're still hitting this occasionally and it briefly gives me a fright until I remember this. If there isn't a solution without a code signing certificate, perhaps sponsorship could solve the funding gap for the cert? :) (perhaps I could see if there's an appetite to arrange that)
Today, 6/5/2018, Windows Defender flagged and quarantined SPCB.exe v3.2 as Trojan:Win32/Bluteal.B!rfn