cdgriffith / FastFlix

FastFlix is a free GUI for H.264, HEVC and AV1 hardware and software encoding!
https://fastflix.org/
MIT License
1.12k stars 55 forks source link

Windows - False Positive ?? #232

Closed centuryx476 closed 3 years ago

centuryx476 commented 3 years ago

Windows did a scan and found this HmmmWhat

djsat2 commented 3 years ago

Also just started getting this.

centuryx476 commented 3 years ago

Glad I'm not alone. I took FastFlix out and am now doing a deep scan of the entire computer.

cdgriffith commented 3 years ago

Thanks for the heads up, I'll send a sample to Microsoft to hopefully get that cleared up

cdgriffith commented 3 years ago

This is most likely a byproduct of using PyInstaller / possibly UPX to package the code. As soon as other, more nefarious stuff uses the same packaging program, everything similar gets flagged. (It's of course always possible to just run the code with Python directly so you don't have to worry about the binary packaging process having the remote chance of sneaking anything in: https://github.com/cdgriffith/FastFlix#running-from-source-code )

I have submitted the false positive report to Microsoft, so now just have to wait until they check it out.

centuryx476 commented 3 years ago

Awesome, let's keep this open till we get a response from Microsoft or the false positive is added to the Microsoft Defender list.

cdgriffith commented 3 years ago

Ok it's cleared up. May take a few days for signatures to update in defender.

fastflix.exe
Submission ID: b43460cf-68f8-4f07-8d9c-123b40daf4f6
Status: Completed
Submitted: Jun 5, 2021 1:55:48 PM
User Opinion: PuaFalsePositive
Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
3. Run "MpCmdRun.exe -SignatureUpdate"

Tree View fastflix.exe
Cloud    Not malware   No malware detected
Client   Not malware   No malware detected

centuryx476 commented 3 years ago

Yup, looks like Windows Defender is happy. High fives all around.