f1multiviewer / issue-tracker

Issue and feature requests tracker for MultiViewer for F1
https://multiviewer.app

Virus scanner false positive #277

Open infinitel8p opened 1 year ago

infinitel8p commented 1 year ago

Kaspersky and VirusTotal flag the .exe as a Trojan.

VirusTotal Scan for 'MultiViewer for F1.exe'


f1multiviewer commented 1 year ago

Hey @infinitel8p, unfortunately, this is a known issue, likely related to the fact that this app uses Electron, and isn't 'codesigned' on Windows, which makes it similar to other Electron-based apps, some of which may be malware, but this is not. I'm still looking at this, but so far, updating Electron didn't seem to fix this, and code-signing certificates require me to give up my anonymity, something I'm not willing to do at this time.

Potentially, a member of the community might step in and provide a code-signing certificate for MultiViewer to use, similar to how another member did this for macOS, but so far, nobody has offered this.

f1multiviewer commented 1 year ago


Reached out to Gridinsoft and they say it should be corrected soon 🙏

f1multiviewer commented 1 year ago

Just an update: it still seems to be flagged on VirusTotal. I reached out to VirusTotal, and also re-opened the case with GridinSoft, hopefully this can be resolved soon.

f1multiviewer commented 1 year ago

VirusTotal replied with this:

Hello,

VirusTotal only aggregates data from a variety of vendors. We produce no verdicts of our own and as such, we can’t modify these results. We are not intended to be an authoritative reputation engine, but rather provide intelligence and context to users so that they can make the best decision. 1/60 and even 5/60 doesn’t automatically mean “Bad”, and 0/60 doesn't always mean good. Each decision on whether something is malicious is ultimately the responsibility of users or the security vendors who use the data to improve their services.

Below are the steps to take if you want to fix a false positive report.

  1. If the false positive is for a File or a URL try re-scanning first.
  2. If the false positive persists please reach out to the vendor that is producing it providing a link to the Virustotal report. List of vendor contacts can be found at the table below.
  3. If you do reach out to us, we will tell you to reach out to the vendors, as we will not be able to modify any results of scans.
  4. We cache some URL results. If vendors have confirmed removal but a URL is still detecting, please reach out to us along with evidence that the vendor has removed your URL from the blacklist, as we may be able to speed up propagation.

...but this isn't particularly helpful. I'll wait for GridinSoft to respond, hopefully something went wrong while removing the false-positive, and it's an easy fix 🙏

f1multiviewer commented 1 year ago

Reached out to them again, they say they'll fix it ASAP, but it's still being flagged. I'm not sure this will be resolved any time soon, and there's not much I can do from my end to prevent it. I'll check up with them in a week if it's not resolved by then.

support-antimalware.com

f1multiviewer commented 1 year ago

It does seem that at least Kaspersky no longer flags it:

https://opentip.kaspersky.com/C09475EF80FEA6D480001A3A11FD3F63180A70482613B6320F470CD48A5C296A/results

infinitel8p commented 1 year ago

Thanks for the follow-up, I'll check it later as well and give you feedback 👍

infinitel8p commented 1 year ago

Issue seems to be solved, made a full scan with Kaspersky after installing MultiViewer and got no errors.

f1multiviewer commented 1 year ago

Not just that! It also is clear now on GridinSoft/VirusTotal: https://www.virustotal.com/gui/file/7d1427bbbd5b26e5504c04242d560aa4fe11f85fa83d54f7e4f3008fd6ef9b97

That means it's completely fixed! 💚

f1multiviewer commented 1 year ago

Unfortunately, I'm reopening this as it remains an issue, and an update from GridinSoft confirms that without a code-signing certificate, I won't be able to be unlisted as a false-positive.

LapsTimeOFF commented 1 year ago

Any news?

f1multiviewer commented 1 year ago

Yes, I've gotten an offer from a member to buy us a code-signing certificate, which will be introduced just before the season starts. I thought doing it during the off-season was a bit wasteful ;)

LapsTimeOFF commented 1 year ago

Perfect! Let's hope it will correct the issue!

LapsTimeOFF commented 1 year ago

And for the problem on the ticket I posted a few weeks ago about Avast blocking the domain, any news on that? https://discord.com/channels/982375740764983366/1050075400946057336

nick-potts commented 1 year ago

This should be able to get closed now ;)

wizard4u commented 1 year ago

Avast still flags it as a virus

f1multiviewer commented 1 year ago

@wizard4u yeah, we're still working on getting code-signing to work, but it's rather difficult, as it seems to break Castlabs' EVS signing, which is required for Widevine playback.