Closed glenritchie closed 7 years ago
Well that's unfortunate. Any idea why? My guess is that it's just a false positive, but if the binary is corrupted that would be pretty bad.
At least it's only the 32-bit version, which virtually nobody should be using anyway.
It's up to twelve now... huh? The 64-bit executable has two detections.
@randomascii just for safety, maybe you should run a full system antimalware scan? I'll do so later tonight. I don't expect to find anything, but at least it's a good excuse for a full system scan.
I've submitted it to Bitdefender for review; my version quarantined it when I downloaded it. I'll let you know what they reply with if I get a response.
No longer detected by Bitdefender but still showing as malicious by 5 anti-virus engines (McAfee being the most well known).
Perhaps add a notice to the releases page letting people know it could be a false positive?
I added a note to the latest release, linking to this issue.
You might try signing your release binaries. These days, no signature is a warning sign for anti-malware engines.
Binaries are signed now. VirusTotal now gives UIforETW.exe a clean bill of health - 0/60. UIforETW32.exe gets a score of 0/60 also. Closing as fixed?
Release v1.28 - https://github.com/google/UIforETW/releases/download/v1.28/etwpackage.zip
uiforetw32.exe is detected by (at the time of this post) 9 anti-virus engines as malicious.
See: https://www.virustotal.com/en/file/ef59759757396d329b9a2fd25fef83c58ffe49a6004baa4b49bcc8ab0dffbd71/analysis/