idrassi / DirHash

Windows command line utility to compute hash of directories and files
BSD 3-Clause "New" or "Revised" License

Windows Defender blocks download of version 1.7.1 zips #1

Closed SethDG closed 6 years ago

SethDG commented 6 years ago

I tried downloading either the 64bit or the 32bit version of the 1.7.1 release and every time I try and download it, Windows Defender intercepts it and immediately deletes the file claiming it as a virus. Version 1.6 downloads fine.

Any idea why? Or what I should do in the meantime?

idrassi commented 6 years ago

Thank you for reporting this.

This is clearly a false positive. Both files are clean and they were checked using an antivirus before upload. You can also use the virustotal.com website to verify that they are clean from any infection. Probably this detection was triggered by the fact that 1.7.1 introduces usage of the Windows clipboard.

Unfortunately, Windows Defender is notorious for its false positives, and it is a deliberate strategy from Microsoft since it increases the safety ratio for end users at the expense of usability, and it also compensates for potential weaknesses of their detection engine.

Anyway, I will try to contact Microsoft to submit this false positive detection.

idrassi commented 6 years ago

Just an update to say that the 64-bit version of DirHash 1.7.1 is not affected by this false positive detection. If you are running a 64-bit version of Windows, then you should use it instead while I'm waiting for Microsoft's feedback on the false positive submission.

SethDG commented 6 years ago

Interesting, on my Windows 10 laptop, the 64bit version of 1.7.1 is still blocked by Windows Defender. I wonder if the virus definitions of my laptop are different from yours.

idrassi commented 6 years ago

On the machine I tested, the Threat definition version is 1.273.933.0 (created on 6:17:55 PM : Monday, August 6, 2018).

If it is not the same, you should perform a Windows Update in order to get the latest Threat definition.

SethDG commented 6 years ago

Thanks! I had 1.273.922.0 and it was blocked. After updating to 1.273.933.0, I was able to download the 64bit version.

idrassi commented 6 years ago

Microsoft has fixed the false positive issue in version 1.273.950.0 of Windows Defender Threat definition. After performing a Windows Update on your machine you should no longer have this problem.

Thank you for reporting this issue. I will close this ticket. Please feel free to reopen if you encounter the same problem in the future.
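
The definition-version check and update discussed in this thread can be scripted with the Defender PowerShell cmdlets. This is an added example, not part of the original thread or the DirHash project. It assumes that the "Threat definition version" shown in the Windows Security UI corresponds to the `AntivirusSignatureVersion` property, and that the blocked download had "DirHash" in its file name.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Assumption: the UI's "Threat definition version" is AntivirusSignatureVersion.

# Version the thread reports as containing Microsoft's fix.
$fixedVersion = [version]'1.273.950.0'

$status  = Get-MpComputerStatus
$current = [version]$status.AntivirusSignatureVersion
Write-Output "Installed definitions: $current (last updated $($status.AntivirusSignatureLastUpdated))"

if ($current -lt $fixedVersion) {
    # Casting to [version] compares each component numerically,
    # so 1.273.922.0 sorts before 1.273.933.0 and 1.273.950.0.
    Write-Output "Definitions are older than $fixedVersion, requesting an update..."
    Update-MpSignature
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    Write-Output "Definitions after update: $current"
}
else {
    Write-Output "Definitions are at or past $fixedVersion."
}

# List what Defender recorded for the blocked download, so the detection
# name can be quoted in a false-positive submission.
# Assumption: the affected file path contains 'DirHash'.
$detections = Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'DirHash' }

if (-not $detections) {
    Write-Output "No recorded detections reference DirHash."
}

foreach ($d in $detections) {
    $threat = Get-MpThreat -ThreatID $d.ThreatID
    [pscustomobject]@{
        DetectedAt = $d.InitialDetectionTime
        ThreatName = $threat.ThreatName
        Resources  = $d.Resources -join '; '
        # Engine/product version that made the detection.
        AMProduct  = $d.AMProductVersion
    }
}
```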