Releases page flagged as Unwanted Software by Google Safe Browsing

[makuhlmann]

Describe the request The releases page of this repo has been flagged as malicious by Google, resulting in a big red warning in Chrome and Firefox (possibly other browsers too). As a result downloads are blocked as well and need to be allowed manually.

Screenshots

Desktop (please complete the following information):

• OS: Any
• Build Any

Additional context Related: https://geekflare.com/tools/tests/3o910hetl https://twitter.com/christitustech/status/1553445177221586947

[trlkly]

@vonDubenshire It doesn't seem to be for every EXE or ZIP file. It seems you can talk with Google to get them to change it. Squarespace did this for their customers, and there's no inherent reason that a file from a Squarespace site would necessarily be virus free.

@sguergachi That said, Chrome isn't completely blocking the file. There is a workaround while staying in Standard Safe Browsing. Rather than deleting the file from the list when prompted, close the dialog and then click on the Download button, and then click Full Download History.

There you will be given the option to keep the file.

[rcmaehl]

Actions taken so far:

• Jul 31: Updated all internal links to use /releases/
• Jul 31: Filled out the Safe Browsing False Positive form. Although this seems to be only for phishing.
• Aug 1: Discontinued direct x86 build links for releases.
• Aug 1: Contacted Github Support to see if they could file a review for Security Issues. Github support ticket #1726178
• Aug 1: Contacted Google through the Report A Security Issue form Sandboxie Plus found. Case ID [5-8504000032703]
• Aug 1: Contacted Graphic Artist for new logo design
• Aug 1: Received preliminary draft for new logo design
• Aug 2: Received response Google could not verify ownership. Responded with proof of ownership and advised further on the content.
• Aug 3: Cleaned up leftover registry key if no other software created by me is installed
• Aug 4: Google directed me to Github Support as well as Search Central Community.
• Aug 4: Uploaded New Logo base to github. Working on new logo using base, along with other assets.
• Aug 5: Continued drafts for updated Logo with Graphic Artist
• Aug 6: Removed old assets from Releases
• Aug 6: Removed nightly.link from Releases page
• Aug ?: Submitted Web False Positive to Avira per Virustotal Detection
• Aug 16: Fixed issue with WinGet keeping old packages
• Aug 16: Added option to installer to Submit False Positive
• Aug 18: Avira removed Releases page from their Blacklist per Virustotal
• Sep 11: Removed from Google Safe Browsing Blacklist

Continuation:

• Oct 27(ish): Entire repo added to Google Safe Browsing Blacklist
• Oct 27: Filled out the Safe Browsing False Positive form.
• Oct 27: Re-added the option to quick submit the project as a false positive after installation to release 0.7.2.0, deselected by default.
• Oct 31: Filed False Positive with Fortinet
• Nov 1: Removed from Fortinet Blacklist
• Nov 1: Removed from Google Safe Browsing Blacklist!

• ???: Direct link for release page of 0.7.5.3 added to Google Safe Browsing Blacklist
• Mar 26: Filled out the Safe Browsing False Positive form
• Mar 26: Started investigating hosting releases elsewhere
• Mar 29: 0.7.5.3 releases page no longer marked, .zip file still marked however. Considering dropping 32-bit builds from .zip