NeSync installer on windows detected as malware

[fxdeniz]

NeSync uses NSIS as a installer on Windows. And, antiviruses Bkav Pro and SecureAge flag exe files based on NSIS as a virus.

Detection names: Bkav Pro: W32.AIDetectMalware SecureAge: Malicious Gridinsoft: Ransom.Win32.Wacatac.oa!s1

VirusTotal result for version 1.8.1 installer

VirusTotal result for version 1.8.0 installer

VirusTotal result for version 1.7.0 installer

From detection names, we can conclude that, detections are machine learning based. Both, Bkav Pro and SecureAge APEX are advertised for their AI capabilities. However, this is a false positive.

Update: Starting from september 6, Gridinsoft also marks installers for versions 1.8.x marks as malware.

To solve this issue, I'll communicate with two vendors.

• [ ] Get in touch with Bkav Corporation
• [x] Get in touch with Secureage Technology Pte Ltd
• [ ] Get in touch with Gridinsoft LLC

[fxdeniz]

I reached to SecureAge (4th of September) via their false positive reporting page

And within same day, I received this reply which says they will remove false positive detections.

[fxdeniz]

Also, I sent e-mail to fpreport@bkav.com and bkav@bkav.com in september 4

but still no response

[fxdeniz]

Today, I released the version 1.8.1

I reached to all of the vendors. Again, clearing false positives for new installer.