Windows Defender reports encfs as trojan

[brihuega]

Environment

• Windows version: Windows 10 Enterprise
• Processor architecture: x64
• Encfs4win version: 1.10.1-RC8
• Dokan version (legacy, modern): modern

  Description

On first run of encfsw.exe, Windows Defender reports it as Trojan:Win32/Varpes.M!cl and removes it.

[jetwhiz]

Hi @brihuega -- thank you for the bug report!

Is this with the latest definitions for Windows Defender, and all latest Windows updates? When I scan this on my Windows 10 machine it comes up clean, even when scanning with Malwarebytes.

If so, can you verify that the SHA1 or SHA256 of encfsw.exe matches the released version (https://github.com/jetwhiz/encfs4win/releases/download/1.10.1-RC8/HASHES):

SHA256: 2B8374CBAC3A5E7B91E4F9451F080BA0C9B96BD995A815FD30B3B8BC319D3CF6 SHA1: 8BF166210FD5E120EAA30D1757CD22B65EDF7669

You can use this online tool to calculate it, for instance (https://md5file.com/calculator).

If all else fails, you can submit the file to Microsoft (https://www.microsoft.com/en-us/security/portal/submission/submit.aspx) to be analyzed so that they can fix their definitions as appropriate.

[brihuega]

Hi @jetwhiz

I can't check de original hash, because Defender wiped the file from the system. I reinstalled the complete set today, and the hashes are OK. I've been running it for a few hours without issues. I updated the virus definitions. Hopefully it was a false alarm. I will tell you if it happens again. Regards

[jetwhiz]

@brihuega -- hopefully it was just a false positive that was fixed by a definition update.

Also, from now on I will include signed hashes of all of the executables that are released so people can verify that the software was downloaded and installed correctly.

Please let me know if you experience any other issues!