Closed mohit0121 closed 1 week ago
Hi @mohit0121, I reported it as a false positive. Thanks for pointing it out!
@srwi Would you be kind enough to get it digitally signed by a Trusted CA / Developer of this app please?
I'm not really looking to spend money on a code signing certificate, but I’m thinking about setting up a GitHub Actions release workflow instead. This could help show that the installer is safe by making the build process more transparent.
EverythingToolbar-1.3.4.msi Sandbox Counter Adversary Operations _ Intelligence.pdf
EverythingToolbar-1.3.4.msi Sandbox Counter Adversary Operations _ Static Analysis.pdf
EverythingToolbar-1.3.4.msi Sandbox Counter Adversary Operations _ Dynamic Analysis.pdf
EverythingToolbar-1.3.4.msi Sandbox Counter Adversary Operations _ Mitre Attack.pdf
1. Would you be kind enough to confirm if these vulnerabilities are false positives and can be safely ignored?
- Would you be kind enough to confirm if these vulnerabilities are false positives and can be safely ignored?
Yes, they can be ignored. There is no spyware in EverythingToolbar.
- I would like to know more about the GitHub Actions release workflow. How will this satisfy the requirement for digital signatures from a Trusted CA?
EverythingToolbar is fully open-source and everybody can look at the code. Currently the release process consists of me manually creating the installer on my machine from that code. Technically at that time I could still inject some malware in there (which I don't). By automating the release workflow in GitHub Actions, the whole process would be made transparent and those who care can look at how the installer was created based on a snapshot of the code at that point in time.
This has nothing to do with digital signatures from a trusted CA. I don't have such a certificate and I am not planning to get one because I am not willing to spend money on one, which to my knowledge I would have to do.
I added a release workflow via GitHub Actions that creates the installer and the SHA-256 hash that can be used to verify that the MSI has not been tampered with. I think for now this is all I can do. The next release will be performed using that workflow.
https://github.com/srwi/EverythingToolbar/blob/master/.github/workflows/release.yml
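The published hash is only useful if someone actually checks it. The script below is an added example, not code from the EverythingToolbar project or its release workflow: it shows the user-side check that a SHA-256 sidecar enables, parsing either a bare digest or a sha256sum-style "<digest>  <filename>" line, refusing a sidecar that names a different file, and streaming the installer so large MSIs are not read into memory at once. The installer bytes and sidecar in `demo()` are constructed here so the script runs offline; the sidecar layout is an assumption, since the real workflow's output format is not shown on this page.

```python
"""Verify a downloaded installer against a published SHA-256 sidecar.

Added example, not part of the EverythingToolbar project. It assumes the
release ships a text file in the common sha256sum layout
("<hex digest>  <filename>" or "<hex digest> *<filename>") or a bare digest;
the sample data in demo() is constructed so the script runs offline.
"""
import hashlib
import hmac
import os
import re
import tempfile

HEX64 = re.compile(r"^[0-9a-fA-F]{64}$")


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so a large MSI does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sidecar(text, expected_name=None):
    """Return the lowercase digest from a .sha256 sidecar.

    Accepts a bare digest or sha256sum-style lines. If expected_name is given
    and the line names a file, the names must match, so a sidecar for one
    release cannot be silently reused for another.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(None, 1)
        digest = parts[0]
        if not HEX64.match(digest):
            raise ValueError(f"not a SHA-256 digest: {digest!r}")
        if len(parts) == 2:
            name = parts[1].lstrip("*").strip()
            if expected_name is not None and name != expected_name:
                raise ValueError(f"sidecar names {name!r}, expected {expected_name!r}")
        return digest.lower()
    raise ValueError("sidecar is empty")


def verify_installer(installer_path, sidecar_text):
    """True only when the file's digest equals the published digest."""
    expected = parse_sidecar(sidecar_text, os.path.basename(installer_path))
    actual = sha256_of_file(installer_path)
    # Constant-time comparison; not essential for a digest, but a good habit.
    return hmac.compare_digest(actual, expected)


def demo():
    """Constructed end-to-end run: a fake MSI, its sidecar, then a tampered copy."""
    with tempfile.TemporaryDirectory() as d:
        msi = os.path.join(d, "EverythingToolbar-1.3.4.msi")
        payload = b"not a real installer, just constructed sample bytes\n" * 1000
        with open(msi, "wb") as f:
            f.write(payload)
        sidecar = f"{hashlib.sha256(payload).hexdigest()}  EverythingToolbar-1.3.4.msi\n"
        ok = verify_installer(msi, sidecar)
        # Flip one byte, as a corrupted or tampered download would look.
        with open(msi, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        tampered = verify_installer(msi, sidecar)
        return ok, tampered


if __name__ == "__main__":
    good, bad = demo()
    print("untouched installer verifies:", good)
    print("tampered installer verifies:", bad)
```

On Windows the same check can be done by hand with `Get-FileHash -Algorithm SHA256 EverythingToolbar-1.3.4.msi` and comparing the output to the published value. Note what the hash does and does not cover: it detects a download that was corrupted or swapped in transit or on a mirror, but a hash published alongside the release by the same account does not, on its own, prove who built the file, which is the gap a CA-issued code signing certificate would close.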
Preflight Checklist
EverythingToolbar Version: 1.3.4
Everything Version: 1.3.4 x64
Windows Version: Win 11 Enterprise 22H2
Steps to reproduce: https://www.hybrid-analysis.com/sample/ed78aec2473700527c01cb0ab4950b33c0c3cee44f40372241b16d8b798b5e77?environmentId=140
Expected Behavior: file analysis link above
Actual Behavior: file analysis link above
Screenshots: No response
Log output: file analysis link above
Additional Information: No response