joshpatten / PVE-VDIClient

Proxmox based VDI client
Apache License 2.0

MSI Download found Virus #98

Open Torpedro1978 opened 7 months ago

Torpedro1978 commented 7 months ago

When I try to download the MSI, a virus warning pops up from browsers and Windows Defender.

https://github.com/joshpatten/PVE-VDIClient/releases/tag/2.0.2

vdiclient-2.0.2-64.msi

knuuuut commented 7 months ago

Me too. Uploaded it to virustotal.com: image

diegogyn commented 7 months ago

virus

Same here, is the project reliable or is it a false positive?

jpattWPC commented 7 months ago

Very much a false positive.

On Wed, Feb 21, 2024 at 8:28 AM Diego @.***> wrote:

virus.png (view on web) https://github.com/joshpatten/PVE-VDIClient/assets/681664/90d51a59-2953-4267-ab3d-3f05062e8dee

Same here, is the project reliable or is it a false positive?

--

Josh Patten President

diegogyn commented 7 months ago

maybe this will help: https://github.com/hankhank10/false-positive-malware-reporting

Entropy512 commented 1 week ago

As the link provided by @diegogyn hinted, this routinely happens for anything packaged using pyinstaller, and has been happening for YEARS because n00b malware writers decide to write something in Python and then deploy it using pyinstaller... This triggers heuristics-based scans even when the payload is benign.

In fact, at a previous job, I had my PC quarantined just for installing pyinstaller in pip - even the "stub loader" part of pyinstaller without any Python payload got flagged even though it literally can't do anything on its own.

If you're REALLY paranoid you can install Python for Windows and clone the source using git.
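
A triage aid for the PyInstaller point raised in this thread, added here as an example (not code from the project or from any commenter): it checks whether a flagged executable carries a PyInstaller archive by locating the CArchive cookie appended after the bootloader. It assumes the cookie layout used by PyInstaller 2.1 and later and is meant for the installed or extracted .exe rather than the MSI wrapper; the function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

# PyInstaller CArchive cookie (layout assumed: PyInstaller >= 2.1):
# magic, archive length, TOC offset, TOC length, Python version, Python lib name.
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE = struct.Struct("!8sIIii64s")


def find_pyinstaller_cookie(data: bytes):
    """Return the cookie fields if data carries a PyInstaller archive, else None."""
    pos = data.rfind(MAGIC)  # last hit: signed files carry bytes after the cookie
    if pos < 0 or pos + COOKIE.size > len(data):
        return None
    _, pkg_len, toc_off, toc_len, pyver, pylib = COOKIE.unpack_from(data, pos)
    archive_start = pos + COOKIE.size - pkg_len  # the cookie closes the archive
    # Reject chance matches: the archive and its TOC must fit inside the file.
    if archive_start < 0 or toc_off + toc_len > pkg_len:
        return None
    return {
        "archive_start": archive_start,
        "archive_len": pkg_len,
        "python_version": pyver,  # raw integer as stored by the packager
        "python_lib": pylib.split(b"\0", 1)[0].decode("ascii", "replace"),
    }


def build_sample() -> bytes:
    """Constructed stand-in: fake loader bytes + archive body + cookie + trailer."""
    body = b"\x00" * 32
    cookie = COOKIE.pack(MAGIC, len(body) + COOKIE.size, 16, 16, 311, b"python311.dll")
    return b"MZ" + b"\x90" * 64 + body + cookie + b"trailing-signature"


if __name__ == "__main__":
    # Paths given on the command line are scanned; with none, the sample is used.
    paths = sys.argv[1:]
    blobs = [(p, open(p, "rb").read()) for p in paths] or [("sample", build_sample())]
    for name, blob in blobs:
        info = find_pyinstaller_cookie(blob)
        print(name, "->", info if info else "no PyInstaller archive found")
```

A hit only shows how the file was packaged, which explains a generic heuristic detection; it says nothing about what the bundled Python code does.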