imchillin / CMTool

MIT License

Alarming detection by Kaspersky/Win Defender #81

Closed: bashed0 closed this 3 years ago

bashed0 commented 3 years ago

The new update comes with the Trojan 'Program:Win32/Uwamson.A!ml'.

rblanker commented 3 years ago

Detection by 10 virus vendors (these might be false positives). Only Microsoft Defender seems to detect Program:Win32/Uwamson.A!ml.

Scanned using the version in the release zip, Concept Matrix 2.0.14.3: https://www.virustotal.com/gui/file/437b36fa22e0fc3d2b6d6cc03a5e8fe85b600e5c0d9e0180c953709d873b20fa/detection

The previous version had 3 other detections, so remember these can be false positives, but 10 is something that needs to be investigated.

The Korean update stopped working after the first automatic update for me too. I am using the previous version, which works fine. I have Windows 10 UK build 19041.985. Windows anti-virus has blocked the program with the Korean update locally. It rates it as a low threat. That is why the Korean update is not working for me.

I do not recommend allowing the program to run by bypassing the anti-virus until we get a new build or confirmation that it is a false positive. Use the previous version instead.

Guarrd commented 3 years ago

I don't know if it's at all relevant, but I found this Reddit post after a quick Google search: https://www.reddit.com/r/antivirus/comments/l3v1e4/trouble_with_possible_programwin32uwamsonaml/

It does trigger my Microsoft Defender as well, but I know that it's known to be fairly overzealous at the best of times. According to the above Reddit post, what the OP sent in for analysis was deemed a false positive by Microsoft. I don't know if this also applies here.

I would be hesitant about calling it anything, in this case a trojan, without any evidence to support whether or not it actually is one. In any case, I agree with rblanker that one should still be careful about it until we get some confirmation or a new build from the devs.

bashed0 commented 3 years ago

In my case it was Kaspersky. If you search for Program:Win32/Uwamson.A!ml, you will also find various reports about it on Google. As a precaution, I first titled it as a Trojan so that the creator would react to the post and explain the file. It is better to be careful right from the start.

LeonBlade commented 3 years ago

Latest build fixes it. It was just a false positive. This latest build changes nothing about the codebase except for one thing (the assembly version), and yet the results of the scan have changed.

https://www.virustotal.com/gui/file/6e041388ce2bc913640492ddc82b29f93d054d2c747e2998feaff10ba4c35d83/detection