Comments (17)
Whitelist where possible, ignore elsewhere. Those AV bastard employees get to pay for every detection they can put in a database, so they are more than happy to put any hacking tool on their lists. Especially if they use it themselves, that's the case with most of the system or hacking tools even with highly popular tools like Process Hacker.
Some engines and signatures are licensed to other companies and if one of them puts you in their lists it's then spread to other AV products as well. No easy way out of false-positive detection hellhole, there is always some AV jerk who will think it's important to put your tool in Win64!HackingTool category or some other shit.
from die-engine.
Thanks for the info. The only thing that can be done is to wait until I have saved up enough money from donations to digitally sign the application. :)
from die-engine.
That won't help you anyway, don't waste your money.
from die-engine.
die_win32_portable_noloader_3.00.zip is not reported by Firefox or Windows Defender
VT zip: https://www.virustotal.com/gui/file/6a84c5605b7274ba0a1f31ee5af8d145da8838d9e69adbc7ede83bf736d05af1/detection
VT exe: https://www.virustotal.com/gui/file/75ba2c92fc956e3eccce48de56f7f221469f0c531e550cc59a1c785243080082/detection
from die-engine.
I just downloaded die_win32_portable_3.00.zip.
- Google Chrome is blocking it and there's no whitelist. To bypass, you have to google the message, then go into your settings and completely turn off Safe Browsing.
- Webroot Antivirus is detecting it as a virus and is quarantining it as soon as the user navigates to the unzipped folder in Windows Explorer.
I strongly dislike antivirus false positives. I'm sorry your project has to deal with this.
from die-engine.
https://github.com/horsicq/DIE-engine/releases/tag/3.01
from die-engine.
Hello! Thanks a lot for the information!
from die-engine.
I sent the information to Microsoft: https://www.microsoft.com/en-us/wdsi/submission/f24af0e1-727f-47c4-a6c0-85af3fdc6a70
from die-engine.
Analyst comments:
We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
- Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
- Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
- Run "MpCmdRun.exe -SignatureUpdate"
Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions
Thank you for contacting Microsoft.
from die-engine.
Windows no longer reports trojan, however Firefox 79.0 reports this file as malicious
Virustotal for die.exe file, 22 engines reported file as malicious ("invalid-rich-pe-linker-version" note is here but not on 2.05): https://www.virustotal.com/gui/file/cf5a19f0611de377178ca54d2ece443a4203f18d6de55fa9e9969a38fb53ca55/detection
In comparison 2.05 was only reported as malware by 4 engines (usually lesser known ones are more likely to report false positive): https://www.virustotal.com/gui/file/6e802a66da626c456961577881ade3a9869e88e8051bc3a4a6955508aa4f5430/detection
from die-engine.
Hmm. Did you test die_winxp_portable_3.00.zip?
from die-engine.
die_winxp_portable_3.00.zip triggers neither Windows Defender nor Firefox, and is clean according to Virustotal: https://www.virustotal.com/gui/file/64eb30cba9e6ab4f3c7b72c4d34e39ede91ac30d97d6975e4670921500be4ff6/detection
Virustotal for die.exe from die_winxp_portable_3.00.zip: https://www.virustotal.com/gui/file/7bcc028ac392ae642da90eaf1b47f9977fdeca383ee1d97c67d70e99f34a3092/detection
Windows Defender doesn't report the file (I have to reboot for testing on Windows, so it takes some time)
from die-engine.
> That won't help you anyway, don't waste your money.
Do you know another solution? Just ignore the false detects?
from die-engine.
@halamix2 Could you please try this? https://github.com/horsicq/DIE-engine/releases/download/3.00/die_win32_portable_noloader_3.00.zip
from die-engine.
@halamix2 Thanks a lot!
from die-engine.
Hello @RedDragonWebDesign Just try this file: https://github.com/horsicq/DIE-engine/releases/download/3.00/die_win32_portable_noloader_3.00.zip
from die-engine.
> Thanks for the info. The only thing that can be done is to wait until I have saved up enough money from donations to digitally sign the application. :)

As PElock suggested, "Don't waste money in buying expensive signatures". It won't help.
Proof:
See, all these files are digitally signed and have valid certs. But see how detectable they are.
https://github.com/tresacton/PasswordStealer
https://www.virustotal.com/gui/file/96a74d742c4cc761d1807f263844ad6c152f54b248362d2a2dc832d030dc29d8/details
Give some time to anti's to make your files recognizable.
lol !
from die-engine.