Open jansuvak opened 5 years ago
I've contacted Bitdefender and they're currently "analyzing" the file. As soon as I hear back from them I'll leave a comment here.
Same problem here !
I'll keep this open until they respond to us.
Me too. Looking for an update...
According to BitDefender this file will not be detected in a few updates (I don't know what's an "update" either). I emphasised that we sign our binaries with an EV certificate from a trusted vendor so our software shouldn't be detected, but they claim it's not (I've checked multiple builds many times, we sign everything).
If you run into this again I would definitely recommend reporting it to BitDefender rather than us, especially if you're paid customers. There's not much that we can do about antivirus companies randomly deciding that we're ransomware.
@pzduniak according to VirusTotal and Windows, keybaserq.exe is NOT signed. This is the file that Bitdefender is complaining about.
It does not complain about the main keybase.exe (without the rq) as it IS signed.
and side-by-side in Windows, keybaserq.exe does not have a Digital Signatures tab like keybase.exe does.
Unfortunately this is still an issue. I just had it happen to me. I've set up an exception for keybaserq.exe, but obviously this is not ideal.
@pzduniak same issue as dustin, the keybaserq.exe does not have a digital signature section. Does this indicate it's unsigned? When you open it up on your computer does it have a digital signature section?
Bumping this back up @pzduniak any updates?
Malwarebytes just flagged and quarantined the keybaserq.exe file on my system. haven't seen this previously.
malwarebytes-keybaserq.txt
Now detected by 7 AV engines. This file really should be signed.
https://www.virustotal.com/gui/file/69feba321acb012881ad8c855668eb7e7791ab59d67093bc46abbb6fceec37f4
Keybase GUI Version: 3.2.2-20190411231308+5262f90fd9
The application is blocked by Bitdefender Total Security - ransomware remediation.
Putting the app on the exceptions lists solved the issue for me.
Ransomware behavior remediated 4 minutes ago
Feature: Ransomware remediation
The process C:\Users...\AppData\Local\Keybase\keybaserq.exe manifests ransomware behavior and was blocked. Your files have been protected from being altered.