google / UIforETW

User interface for recording and managing ETW traces
https://randomascii.wordpress.com/2015/04/14/uiforetw-windows-performance-made-easier/
Apache License 2.0

uiforetw32.exe - detected as malicious by various antivirus engines #71

Closed glenritchie closed 7 years ago

glenritchie commented 8 years ago

Release v1.28 - https://github.com/google/UIforETW/releases/download/v1.28/etwpackage.zip

uiforetw32.exe is detected by (at the time of this post) 9 anti-virus engines as malicious.

See: https://www.virustotal.com/en/file/ef59759757396d329b9a2fd25fef83c58ffe49a6004baa4b49bcc8ab0dffbd71/analysis/

randomascii commented 8 years ago

Well that's unfortunate. Any idea why? My guess is that it's just a false positive, but if the binary is corrupted that would be pretty bad.

At least it's only the 32-bit version, which virtually nobody should be using anyway.

ariccio commented 8 years ago

It's up to twelve now... huh? The 64-bit executable has two detections.

@randomascii just for safety, maybe you should run a full system antimalware scan? I'll do so later tonight. I don't expect to find anything, but at least it's a good excuse for a full system scan.

glenritchie commented 8 years ago

I've submitted it to Bitdefender for review; my version quarantined it when I downloaded it. I'll let you know what they reply with if I get a response.

glenritchie commented 8 years ago

No longer detected by Bitdefender but still showing malicious by 5 anti-virus engines (McAfee being the most well known).

Perhaps add a notice to the releases page letting people know it could be a false positive?

randomascii commented 8 years ago

I added a note to the latest release, linking to this issue.

snowkoan commented 8 years ago

You might try signing your release binaries. These days, no signature is a warning sign for anti-malware engines.

randomascii commented 7 years ago

Binaries are signed now. VirusTotal now gives UIforETW.exe a clean bill of health - 0/60. UIforETW32.exe gets a score of 0/60 also. Closing as fixed?
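A way for someone downloading the package to check the fix discussed in this thread themselves, rather than relying on the VirusTotal score alone: verify the Authenticode signature of both executables and record their SHA-256 (the value the VirusTotal report URL above is keyed on). This is an added example, not code from the UIforETW project; the extraction directory `$PackageDir` is an assumption.

```powershell
# Added example (not part of UIforETW): verify Authenticode signatures and SHA-256
# of the release binaries from etwpackage.zip. Assumes the zip was extracted to
# $PackageDir (assumption; adjust to where you unpacked it).
$PackageDir = Join-Path $env:USERPROFILE 'Downloads\etwpackage'
$binaries   = @('UIforETW.exe', 'UIforETW32.exe') | ForEach-Object { Join-Path $PackageDir $_ }

function Test-ReleaseBinary {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ File = $Path; Status = 'Missing'; Signer = $null; Sha256 = $null; Trusted = $false }
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()

    # Status 'Valid' means the signature chains to a trusted root and the file still
    # matches the signed hash. 'NotSigned' is the state of the earlier releases in this
    # thread; 'HashMismatch' would mean the file was modified after signing.
    [pscustomobject]@{
        File    = Split-Path -Leaf $Path
        Status  = $sig.Status
        Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Sha256  = $hash    # compare with the hash in the VirusTotal report link
        Trusted = ($sig.Status -eq 'Valid')
    }
}

$results = $binaries | ForEach-Object { Test-ReleaseBinary -Path $_ }
$results | Format-Table -AutoSize

# Fail closed: one unsigned, tampered or missing binary makes the whole package untrusted.
if ($results | Where-Object { -not $_.Trusted }) {
    Write-Warning 'At least one binary is not validly signed; do not run this package.'
    exit 1
}
```

A `Valid` status with an unexpected `Signer` subject is still a red flag, so check the signer name against the one shown on the GitHub release, not just the status.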