Closed jhewitt0 closed 8 years ago
Hi @jhewitt0 ,
Thanks for logging this issue - we had another report of it, via Kaspersky but put it down to a false positive.
I have looked in more detail, and scanned the installer using http://www.virustotal.com
The report comes back with the following;
6/56 Antivirus applications detect issues with the installer.
I started off by scanning the build server using malwarebytes - that came back with a clean report of the system. The next step was to check the installer packager.
We use Inno Setup. -> An old version.
I have updated the Inno Setup Build Service to the latest version and recompiled an installer. I submitted this to virustotal and it came back with the following result: https://www.virustotal.com/en/file/82aa026fe1716abb4e624f9b895e15f3648715eff93f66c754a9b02ee44d6732/analysis/
3/56 Antivirus programs are saying the installer has issues.
This new installer package has been put onto the gitSQL website - but it still leaves us with the problem that the following AV programs will stop the installation;
On a side note, I had a check on Kaspersky to see if gitSQL.exe is in there list of known applications.
They have gitSQL versions 1.0.0.0 and 1.0.1.0 in their known (safe) applications. http://whitelist.kaspersky.com/advisor#search/gitsql
Would you try the latest installer on the website please?
I will continue to look at the issue to see what items inside the installer are causing the false positive.
I have submitted the installer to Symantec for a false positive review.
I will try to submit to Avast and Qihoo-360 too...
Submitted false positive to Kaspersky
Submitted false positive to Avast
Submitted false positive to 360 total security via https://www.360totalsecurity.com/en/suspicion/
Response from Symantec
Symantec FP Incident Response <falsepositives@symantec.com>
In relation to submission [3942278].
Having reviewed the information provided we are unable to reproduce or confirm the issue described.
Please ensure that you are using Symantec's latest virus definitions for detection. These can be found using live update or alternatively via the URL below.
http://securityresponse.symantec.com/avcenter/defs.download.html
Response from Kaspersky
newvirus@kaspersky.com
Hello,
Sorry, it was a false detection. It will be fixed in the next update.
Thank you for your help.
Sincerely yours,
S*** *****n,
Malware analyst.
Response from Total 360.
Dear Sir or Madam,
The file that you’ve submitted has been analyzed(Time: 2016-04-27 04:40:02; Software: setup-gitsql-1-2-1-exe; ID:2425879).
We sincerely appreciate your help of improving our products and services.
Result: Proper actions have been taken. If the false positive happens again, please add it into local Trust List and contact us again with support@360safe.com .
Thanks for your support.
Sounds a bit vague but I think it means it was a false positive.
Response from Avast.
Avast Customer Care customer.care@avast.com via freshdesk.com
Hello again,
Our virus specialists have been working on this problem and it has now been resolved. The provided file isn't detected by Avast anymore.
Please check the following articles about Avast virus policy:
Avast Clean Guidelines: https://www.avast.com/faq.php?article=AVKB228
Avast File Whitelisting: https://www.avast.com/en-us/faq.php?article=AVKB229
We are sorry for the inconvenience. If you have any further questions, don't hesitate to contact me again.
Great work @anupsaund, thanks for the clarification
Thanks for all the work on checking this out. I'll give it another try and see if I can get it to download.
Wanted to give the free edition a whirl to see if it will meet my group's needs -- but our corporate Web Gateway (McAfee Web Gateway) is detecting this as a trojan as well and will not allow me to download it.
Hi @shuzer,
I had a look to see how I would go about reporting a false positive to McAfee;
Details here; https://kc.mcafee.com/corporate/index?page=content&id=KB62662&actp=null&viewlocale=en_US
I think I may not have enough information to submit the request :0(
Would you be able to get the installer whitelisted internally @work instead?
Sorry if it's a poor suggestion.
Hi, I tried to download the installer and Norton anti-virus removes the file because it thinks it has a Trojan in the file. Can you verify that the installer is in fact clean and safe to use?
Thanks!