Open poma opened 6 years ago
Note the €28 figure from signum is if you have the "I have my own reader and and cryptographic card (Activation code)" option selected. I have no idea what this means, but when you turn it off the price jumps to €86.
Kaspersky thinks it is malware too:
04.09.2017 17.08.03 Malicious program deleted PDM:Trojan.Win32.Generic Application name: Uploads Heroes of the Storm replay Application path: e:\downloads\hotsapiuploadersetup.exe Time: 9/4/2017 5:08 PM 04.09.2017 17.08.03 Malicious program deleted PDM:Trojan.Win32.Generic Application name: Uploads Heroes of the Storm replay Application path: c:\users\mike\appdata\local\hotsapi\app-1.3.0\hotsapi.uploader.exe Time: 9/4/2017 5:08 PM 04.09.2017 17.07.55 Malicious program terminated PDM:Trojan.Win32.Generic Application name: Hotsapi.Uploader.Windows Application path: C:\Users\mike\AppData\Local\Hotsapi\app-1.3.0\Hotsapi.Uploader.exe Time: 9/4/2017 5:07 PM 04.09.2017 17.07.55 Malicious program detected PDM:Trojan.Win32.Generic Application name: Uploads Heroes of the Storm replay Application path: e:\downloads\hotsapiuploadersetup.exe Time: 9/4/2017 5:07 PM 04.09.2017 17.07.55 Malicious program detected PDM:Trojan.Win32.Generic Application name: Uploads Heroes of the Storm replay Application path: c:\users\mike\appdata\local\hotsapi\app-1.3.0\hotsapi.uploader.exe Time: 9/4/2017 5:07 PM
Both Norton AV and Windows Defender flag it as "Untrusted". Norton AV's SONAR sandboxing system flagged it as "suspicious". Code signing will solve this, but are expensive.
Do you use latest AV update? because on VirusTotal both Symantec and Kaspersky show up as Clean
It's not flagged as malware, just as "suspicious". SONAR uses heuristic behavior-based detection, not signatures. VirusTotal only uses the signature-based detection engine.
You can get it to run under Norton AV, but you have to ignore a couple of warnings first.
do you think this is all because of the 'start with windows' checkbox? if so, maybe there's a other way to get it to start with windows like using the user's start menu Startup directory or something.
a lot of apps have a start with windows option.... do they all get flagged like this too?
I think for registry based startup code signing is a big deal. Although now that windows 10 shows all startup items in task manager there shouldn't be much difference, so just historical reasons I guess.
I've started implementing shortcuts in link-based-startup
branch some time ago but didn't release it because Squirrel.Windows doesn't return shortcut paths. I can hardcode them instead if it helps with AV.
UPDATE: I failed to get a code signing cert because of how complex this process is in Russia. None of the notaries I've asked even had a clue how this verification process works, and it was hard to get some required documents because I don't have most of them, and the also needed to be translated to English and officially verified.
So yeah I've requested a refund for certificate purchase.
Uploader needs to be signed to prevent some nasty warning screens in browsers/antiviruses. I wasn't able to find any free certs for open source. The cheapest one found to date if from signum €28. Leaving this issue for later when we will have enough funds.