TrendMicro Office Scan prevents installation of Keybase FS

keybase / client

Keybase Go Library, Client, Service, OS X, iOS, Android, Electron

BSD 3-Clause "New" or "Revised" License

8.91k stars 1.23k forks source link

TrendMicro Office Scan prevents installation of Keybase FS #8895

Open heini opened 7 years ago

heini commented 7 years ago

Hi,

seems that TrendMicro Office Scan somehow thinks the Keybase FS part is malware and prevents its installation on a Windows 7 laptop.

strib commented 7 years ago

cc: @zanderz @taruti

heini commented 7 years ago

Seems to work now in recent version (would tell you which one exactly, but there's no version info anywhere in the application).

heini commented 6 years ago

Happened again, but this time with the installer upon applying an update. TrendMicro deleted _Keybase1.0.36-20171121163324+f68b10e.386.exe because of a virus infection.

zanderz commented 6 years ago

The shipping installer comes up clean on 65/65 of these engines, one of which is TrendMicro. Could yours have been infected along the way? Are you able to take the hash of your copy of Keybase_1.0.36-20171121163324+f68b10e.386.exe ? https://www.virustotal.com/#/file/1d4a5381ce23b44b855cd856214530d79b5b703bee35e4191f9bcac76c433f27/detection

heini commented 6 years ago

@zanderz, sorry for replying that late.

No, I can't, unfortunately. The settings of TrendMicro (as configured by our sysadmins), are such that the file in question is deleted.

imhomos commented 6 years ago

https://scholar.google.com/citations?user=HrKMjNwAAAAJ&hl=en

heini commented 6 years ago

Just took a look into the TrendMicro logs. Happened again with both

Keybase_1.0.37-20171208121326+523e543.386.exe
Keybase_1.0.38-20171220134249+a7fe25d.386.exe

ShfSagi commented 6 years ago

Hi,

I have the same issue with installation of KeyBase on my PC.

I'm running the following version (see attachment)

It detects some files as virus (see attachment)

Please advise.

zanderz commented 6 years ago

Recently shipping versions do not trigger any of dozens of A engines in VirusTotal, including supposedly TrendMicro itself: https://www.virustotal.com/#/file/90e4ab31ab2a93bf4f3dfa90a89c24bd23adfed331545c0606ce459a394fe3ff/detection If those don't find any viruses, I doubt we can do anything about your installation of TrendMicro. Is it administered by some enterprise entity? If so, maybe you can ask your IT department for an exception for keybase? It's signed by a valide EV codesigning certificate.