tarkah / grout

Simple tiling window manager for Windows
MIT License
202 stars 8 forks

Windows Defender threat detected for release v0.7.0 #35

Open jasonvasquez opened 4 years ago

jasonvasquez commented 4 years ago

Hello!

I was hoping to give grout a spin this evening, but I wanted to give you a heads-up that Windows Defender flagged the grout.exe executable for release v0.7.0 as containing a trojan, Win32/Ulthar.A!ml. I don't know if it's a false-positive or not but did want to let you know. Here's a link to the specific threat that was identified: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aWin32%2fUlthar.A!ml&threatid=2147751837.

Thanks!

tarkah commented 4 years ago

Hey, thanks for the report! Does it warn you before you try to run or after running it? I haven't seen this on my machine. Also, does this happen on any other versions as well?

Probably a good idea for me to release with an MD5 hash... Just in case!

jasonvasquez commented 4 years ago

It gave the warning right after I downloaded it from the GitHub releases page and ran it for the first time. I didn't attempt to run it past that. I can try some other versions later, that's a good idea.

tarkah commented 4 years ago

This is what I see when I download the release from GitHub and run for the first time... Definitely no error about it being a Trojan.

image

Can you calculate the MD5 hash of the v0.7.0 release you downloaded and paste the results? If you get the same hash, you are safe to run the program. Though I'll then need to figure out why it's being flagged...

PS > certutil.exe -hashfile '.\grout.exe' MD5
MD5 hash of .\grout.exe:
ff8f678d668c2a0e14959fd67071c313
CertUtil: -hashfile command completed successfully.
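
The hash comparison requested in the comment above, as an added PowerShell example that is not part of the original thread or the grout project. `Compare-ReleaseHash` is a hypothetical helper name and the sample file is constructed; the helper goes slightly beyond the thread by also accepting SHA256 and digests pasted with spaces or in upper case.

```powershell
# Added example, not grout's own code. Compare-ReleaseHash is a hypothetical name.
function Compare-ReleaseHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected,   # digest as published or pasted
        [ValidateSet('MD5', 'SHA256')] [string] $Algorithm = 'MD5'
    )

    # Older certutil versions print the digest as space-separated byte pairs, and
    # pasted values may carry stray whitespace or upper case, so normalise first.
    $want = ($Expected -replace '\s', '').ToLowerInvariant()
    $hexLength = @{ MD5 = 32; SHA256 = 64 }[$Algorithm]
    if ($want -notmatch "^[0-9a-f]{$hexLength}$") {
        throw "Expected value is not a $Algorithm digest ($hexLength hex characters)."
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Hash the file locally and report both values so a mismatch can be pasted
    # into the issue exactly as computed.
    $got = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash.ToLowerInvariant()
    [pscustomobject]@{
        Path      = $Path
        Algorithm = $Algorithm
        Expected  = $want
        Actual    = $got
        Match     = ($got -eq $want)
    }
}

# Constructed sample so the block runs offline: a temp file holding the ASCII
# bytes "hello", whose MD5 is 5d41402abc4b2a76b9719d911017c592.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'hash-demo.bin'
[IO.File]::WriteAllBytes($sample, [Text.Encoding]::ASCII.GetBytes('hello'))

# Digest supplied in the spaced, upper-case form.
Compare-ReleaseHash -Path $sample -Expected '5D 41 40 2A BC 4B 2A 76 B9 71 9D 91 10 17 C5 92'

# The v0.7.0 digest posted in this thread, used here as the mismatch case
# because it does not belong to the constructed sample file.
Compare-ReleaseHash -Path $sample -Expected 'ff8f678d668c2a0e14959fd67071c313'

Remove-Item -LiteralPath $sample
```

Against a real download, pass the path to `grout.exe` as `-Path` and the digest the maintainer posted as `-Expected`.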

frabert commented 4 years ago

I think this article might be relevant: https://getimageview.net/2020/06/02/microsoft-defender-smartscreen-is-hurting-independent-developers/

tarkah commented 4 years ago

@frabert, thanks for posting. I'm OK with the SmartScreen pop-up, it just is what it is. And I'm not looking to get a digital signature for this.

However, @jasonvasquez's issue appears to be different as he is being warned about a Trojan virus, which I can't seem to figure out?

frabert commented 4 years ago

In that case, I think submitting the file as a false positive should be the right course of action: https://www.microsoft.com/en-us/wdsi/filesubmission

tarkah commented 4 years ago

Awesome, thanks for the link!