joncage / ed-scout

An Elite Dangerous companion app to simplify finding unexplored worlds
MIT License
133 stars 18 forks

AV Detects as Trojan #150

Closed november781 closed 3 years ago

november781 commented 3 years ago

This just started recently that Sophos will detect the exe file as Troj/AutoG-KP and will remove the file. I am still looking into why this is.

https://www.virustotal.com/gui/file/cd63e536fe177452883eca53322bba3bb79334f3ab85a16acc6846544da2c207/detection

november781 commented 3 years ago

Updating with a list of AVs that are detecting this file as malicious. [image]

Most of these seem to be AI detections, but it might be worth checking out why

november781 commented 3 years ago

Probably my last update, this time with the rules that have likely triggered the detection. [image]

rocknrollbetty commented 3 years ago

Same problem here - with Norton AV. I overrode Norton, then tried to re-install, but edscout said previous install was incomplete and wanted to do a system restart... so I declined and un-installed. Not confident it is safe.

joncage commented 3 years ago

The software is open source so you're welcome to make your own judgement. I package it up on my development machine and publish it here but if you look at the above listings, those are in line with the content of the software and are IMO innocuous.

For most releases, various virus checkers have flagged it. Microsoft have always reverted that (I suspect automated) initial decision.

You should always do what you feel best of course, but to the best of my knowledge there is nothing nasty lurking in EDScout.

november781 commented 3 years ago

> The software is open source so you're welcome to make your own judgement. I package it up on my development machine and publish it here but if you look at the above listings, those are in line with the content of the software and are IMO innocuous.
>
> For most releases, various virus checkers have flagged it. Microsoft have always reverted that (I suspect automated) initial decision.
>
> You should always do what you feel best of course, but to the best of my knowledge there is nothing nasty lurking in EDScout.

I'm sure it's mostly safe, did a bit of digging for the earlier comments, but it might just be worth looking for an alternative to PyInstaller, which is what is triggering these as far as I can tell.

rocknrollbetty commented 3 years ago

thanks for the response ... 'fraid code trawling is a bit beyond me now - IBM mainframe girl here! <showing her age :)> maybe I'll just have another try!

joncage commented 3 years ago

Haven't heard any reports of 1.8.2 doing this so closing for now.