nomns / nparse

Nomns' Parser for Project1999
GNU General Public License v3.0

Windows Security Vulnerability? #17

Open verax606 opened 4 years ago

verax606 commented 4 years ago

So, I love me some nparse, and now I don't want to play without it! Windows Security just flagged mine as a threat, and quarantined it.

Threat Detected: Behavior:Win32/DefenseEvasion.WR!ml
Alert Level: Severe
Detail: This program is dangerous and executes commands from an attacker

It was running fine for the last week or so, until just about an hour ago for me.

Anyone else having issues?

nomns commented 4 years ago

Unfortunately, I make the executable with PyInstaller and having false positives is a known issue. If you don't feel safe white flagging the executable, you can run nparse from the source.

See the VirusTotal results.

paulmac57 commented 4 years ago

Same problem here, so have white flagged the command in Windows Firewall, but when running as administrator getting "windows cannot access the specified device path or file, you may not have the appropriate permissions to access the item"

Also tried running from source and am getting lots of similar messages to this when running python3.6:

{
  "resource": "/e:/Users/paul/Downloads/nparse-0.5.1/nparse-0.5.1/nparse.py",
  "owner": "python",
  "code": "no-name-in-module",
  "severity": 8,
  "message": "No name 'QIcon' in module 'PyQt5.QtGui'",
  "source": "pylint",
  "startLineNumber": 7,
  "startColumn": 1,
  "endLineNumber": 7,
  "endColumn": 1
}

paulmac57 commented 4 years ago

Needed to do: pip install pyqt5 and pip install requests to get the source code working, but still having permission problems with nparse.exe even when running as administrator.

nomns commented 4 years ago

Interesting. I just set up a new dev environment for nParse and it installed requests. Also, I just downloaded the 0.5.1 (ugh, been way too long) release and once I allowed it through Defender, it works without issue.

I am going to use this week (got some time off work finally) to get some stuff together for an update. Hopefully PyInstaller has fixed some of these false flags.

bigdaddy4747 commented 4 years ago

> Unfortunately, I make the executable with PyInstaller and having false positives is a known issue. If you don't feel safe white flagging the executable, you can run nparse from the source.
>
> See the Virus Total results.

@nomns I am getting 21/72 engines flagging it as unsafe when uploading the file myself and using your link, just FYI.

nomns commented 4 years ago

@bigdaddy4747 Yeah, those are the false positives.