Closed herzfeldd closed 6 months ago
Damn AV editors and their stupid assumption that anything that is compiled with Nuitka is a virus... You're safe, the public binaries are digitally signed. Anyway, I'm investigating ways to get rid of the detection, but without much luck so far.
Did submit current executable to Microsoft at https://www.microsoft.com/en-us/wdsi/filesubmission in hope they will unflag it.
On VirusTotal, there are still 5 AV engines that don't like Python, e.g. https://www.virustotal.com/gui/file/c42dd33d0b63ba385adc8856961a74d89a72bd2367f67d34737ede9ce54277a7
I have the same problem. But how can I use the file anyway?
Executable is safe, this is just a false positive. You can make an exception for the file in your AV product.
FYI - testing latest release of Aug 29 2023. Our company is using Rapid7, which also flags and blocks NPbackup.exe on W10: https://www.virustotal.com/gui/file/3c704d64f4e7dbbdf40cc8d1c9845feff662a242bf7817894b8a983514613a23/detection
I know this. It's not the program, but the compiler (Nuitka) that produces false positives because of the packaging format AFAIK. I'm currently in the final phase of writing NPBackup v3, which will still make use of Nuitka, but with a different packaging scheme to avoid false AV detection. In the meantime, I can only suggest making an exception in your AV engine.
Also, you can compile NPBackup yourself as per the compile instructions if you don't trust the public executables, but you'll end up with the same result. The public executables are digitally signed by my company, so I vouch for their integrity.
Once NPBackup v3 is finalized, I'll check again how I can get Nuitka-compiled executables not to be flagged, especially since they're only flagged because it's compiled Python. A hello world exe would be flagged too. It's quite a shame that AV vendors don't really go the extra mile for an open source project like Nuitka and just flag everything it produces.
So basically, we have to avoid using the --onefile parameter in Nuitka since this produces a lot of false positives, whereas --standalone almost passes all antivirus engines (see ANTIVIRUS.md for more details)
npbackupx64.exe from the Releases page is flagged by Windows Defender as containing an active trojan: Detected: Trojan:Win32/Wacatac.B!ml
Microsoft directs users to this help page after downloading.
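The thread's advice is to add an AV exception for the signed executable. The following is an added example, not code from the NPBackup project, of checking the Authenticode signature before creating that exception in Windows Defender. The file path, the publisher certificate thumbprint and the optional expected hash are placeholders you must supply from a source you trust; the page does not state them.

```powershell
# Added example (not from the NPBackup project). Run from an elevated PowerShell prompt.
param(
    [string]$Path = ".\npbackupx64.exe",
    # Placeholder (assumption): thumbprint of the publisher's code-signing certificate,
    # taken from a copy of the binary you already trust or from the publisher directly.
    [string]$ExpectedSignerThumbprint = "<PUBLISHER-CERT-THUMBPRINT>",
    # Optional placeholder (assumption): SHA-256 you obtained out of band.
    [string]$ExpectedSha256 = ""
)

$ErrorActionPreference = "Stop"
$file = (Resolve-Path -LiteralPath $Path).Path

# 1. The signature must be Valid: the chain is trusted and the file is unmodified since signing.
$sig = Get-AuthenticodeSignature -LiteralPath $file
if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
    throw "Refusing to exclude '$file': signature status is $($sig.Status). $($sig.StatusMessage)"
}

# 2. A valid signature only proves that *someone* signed it. Pin the expected signer.
$signer = $sig.SignerCertificate
if ($signer.Thumbprint -ne $ExpectedSignerThumbprint) {
    throw "Refusing to exclude '$file': signed by '$($signer.Subject)' ($($signer.Thumbprint)), not the expected publisher."
}

# 3. Record the SHA-256. It is the same identifier VirusTotal uses in its report URLs,
#    so it can be compared with a report or with a hash received out of band.
$hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256)) {
    throw "Refusing to exclude '$file': SHA-256 $hash does not match the expected value."
}
Write-Host "Signer : $($signer.Subject)"
Write-Host "SHA-256: $hash"

# 4. Exclude this one file, not its folder. A path exclusion follows the path, not the
#    content, so repeat the checks above whenever the file at that path is replaced.
Add-MpPreference -ExclusionPath $file
Write-Host "Added Windows Defender exclusion for $file"
```

Other AV or EDR products have their own allowlisting mechanisms; steps 1 to 3 apply unchanged before using them.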