nomis51 / Menagerie

A Path of Exile enhancement trading tool

setup.exe considered as potential malicious program (Win32/Beareuws.A!ml) #1

Closed shosho-san closed 3 years ago

shosho-san commented 3 years ago

Hi, I have tried to use setup.exe (v1.2.9-BETA); it is considered a potential malicious program by Windows Defender.

No problem when I scan the source, but when I put in the POESESSID and click on Save, Windows Defender pops up and kills the process. Program:Win32/Beareuws.A!ml

https://go.microsoft.com/fwlink/?linkid=142185&name=Program:Win32/Beareuws.A!ml&threatid=256596

Good luck, it looks very cool :)

nomis51 commented 3 years ago

The app hasn't been verified (it costs too much money, especially for a free open-source app), so that's why Windows thinks it's not trusted.

But the fact that Windows Defender kills it when you enter your session ID is a bit strange. I haven't experienced that issue on the two machines I've tested on, but I'll take a look!

Thanks for the feedback!

nomis51 commented 3 years ago

You can also (while I figure out the problem) whitelist the app in Windows Defender so it won't kill the app. The app updates are located in

C:\Users\<Your username here>\AppData\local\Menagerie\<App version here (in your case it's 1.2.9)>\Menagerie.exe

shosho-san commented 3 years ago

Thank you sir,

After a few tries, I think we can separate the process kill and the Windows Defender alert. I think the process kill is caused by a bug with notepad; I used it to copy/paste my POESESSID.

For the alert, menagerie.exe can be launched and starts correctly. PS: I have not whitelisted Menagerie.exe and it seems to work.

It's the 'setup.exe' and 'C:\Program Files (x86)\Menagerie Deployment\MenagerieDeploymentTool.exe' that are considered dangerous.

nomis51 commented 3 years ago

Yes, you're totally right about notepad. I was using it as a "placebo" in my testing when I was coding on my other machine that doesn't have PoE installed (e.g. to test whispers, etc.). Like I said in #2, there was debugging code still present in the release causing Menagerie to consider notepad as PoE 😂. I suppose Windows Defender wasn't very happy with Menagerie lurking in system32 to find a Client.txt file, so it killed it 😂.

As for the Setup.exe, that's still curious and I haven't found a solution yet. So far, it seems like it's an issue with the setup/update manager I'm using with the app.

shosho-san commented 3 years ago

Hi, good news! No more alerts with v1.2.11.