bramdejager / spcb

The SharePoint Client Browser (SPCB) uses the CSOM to connect to a remote SharePoint site collection and shows the site structure with related properties and values.
GNU General Public License v2.0

Defender flags SPCB.exe v3.2 as Trojan:Win32/Bluteal.B!rfn #83

Closed bdgit closed 5 years ago

bdgit commented 6 years ago

Today, 6/5/2018, Windows Defender flagged and quarantined SPCB.exe v3.2 as Trojan:Win32/Bluteal.B!rfn.

cangot commented 6 years ago

I raised a similar issue: https://github.com/bramdejager/spcb/issues/82

vman commented 6 years ago

The information from this thread suggests Windows Defender might be giving a false positive for unsigned dlls/exes.

Checking SPCB.exe, it indeed doesn't have a strong name:

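The screenshot of the strong-name check did not survive; the following PowerShell reproduces it and also reports the Authenticode status Defender reputation keys off. This is an added example, not code from the SPCB project, and the default `$Path` is an assumed location.

```powershell
# Added example (not part of the SPCB project): report whether an executable
# carries an Authenticode signature and/or a .NET strong name, the two
# properties discussed in this thread. $Path is an assumption; point it at SPCB.exe.
param(
    [string]$Path = "$PWD\SPCB.exe"   # assumed location
)

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found: $Path"
}

# Authenticode: the code-signing certificate chain that Defender/SmartScreen
# reputation is built on. Status is NotSigned for an unsigned binary.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
[pscustomobject]@{
    Check  = 'Authenticode'
    Status = $sig.Status
    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
}

# Strong name: a public-key token in the assembly identity. No token means
# the assembly is not strong-named (this is what the lost screenshot showed).
try {
    $name  = [System.Reflection.AssemblyName]::GetAssemblyName($Path)
    $token = $name.GetPublicKeyToken()
    $hasToken = $token -and $token.Length -gt 0
    [pscustomobject]@{
        Check  = 'StrongName'
        Status = if ($hasToken) { 'Present' } else { 'Absent' }
        Signer = if ($hasToken) { ($token | ForEach-Object { $_.ToString('x2') }) -join '' } else { '<none>' }
    }
} catch [System.BadImageFormatException] {
    # Native (non-.NET) PE file: strong names do not apply.
    [pscustomobject]@{ Check = 'StrongName'; Status = 'N/A (native image)'; Signer = '<none>' }
}

# Defender's own detection history for this file name, when the Defender
# module is present (Windows 10 / Server 2016 and later).
if (Get-Command Get-MpThreatDetection -ErrorAction SilentlyContinue) {
    $leaf = [regex]::Escape((Split-Path -Leaf $Path))
    Get-MpThreatDetection |
        Where-Object { $_.Resources -match $leaf } |
        Select-Object DetectionID, ThreatID, InitialDetectionTime, Resources
}
```

An `Absent` strong name together with `NotSigned` Authenticode is the combination this thread attributes to the false positive; the detection rows give the ThreatID to quote when submitting a false-positive report to Microsoft.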

Benny56 commented 6 years ago

v3.7 is also flagged

bramdejager commented 5 years ago

> The information from this thread suggests Windows Defender might be giving a false positive for unsigned dlls/exes.
>
> Checking SPCB.exe, it indeed doesn't have a strong name:

There is indeed no strong signing happening. I don't have a proper certificate to perform code signing. Signing it with a self-signed certificate creates other problems and does not solve this.

I'm curious if this is still an issue at the moment? Can anyone comment?

bramdejager commented 5 years ago

Received no reply anymore, closing the issue for now.

webash commented 5 years ago

I can confirm that Windows Defender (ATP, too) is still flagging this application as suspicious, likely due to the lack of DLL/code signing. I was reviewing a recent alert in WD ATP on @vman 's machine (we work together). Let me know if I can provide any information from the alerts that might help stop such false positive flagging in lieu of the expense/effort of code signing.

webash commented 5 years ago

@bramdejager we're still hitting this occasionally and it briefly gives me a fright until I remember this. If there isn't a solution without a code signing certificate, perhaps sponsorship could solve the funding gap for the cert? :) (perhaps I could see if there's an appetite to arrange that)