Trojan virus detected on 1.7.1 exe #131
Comments
Submitted to MS for review - thanks for reporting: https://www.microsoft.com/en-us/wdsi/submission/b12018fa-6c58-4b06-8cd2-ebaa8c746e2d Good idea r.e. the checksums. |
Yup got same problem - I did have a few issues but I think it is working - sort of. Well v1.7 works I think. |
From Microsoft...
|
Try updating your virus Defs and give it another shot. I think it has less problems with the installed version too if that helps.. |
My guess (and frankly I don't know) is that because I've written this in Python, used a flask web server and packaged it up with PyInstaller, that Microsoft's tools look at it and say "Well this looks suspicious; Written in Python and it extracts python code and then runs it? I'd better flag this". It's becoming pretty frustrating because I have to do this every time I release another version (and apparently now multiple times). I know EDDiscovery is written in C# and as that's Microsoft's language, maybe they're less suspicious of it. I think this is all part of their cunning plan to get more people writing C# and to encourage more poor developers to shell out hard-earned cash to add certificates to sign the software releases. |
A quick and not thorough Google suggests that this is a common thing with using PyInstaller for a few reasons. There's a number of problems and "solutions" on StackOverflow, not sure if any would apply here. But I did have a thought - could you go ahead and submit a new version's exe to MS as being okay as a step in releasing it? Why wait for user reports if it's going to be a thing, just get it into their system to look at and approve. |
Also, regarding this being in Python, maybe try contacting the devs of ED Market Connector? Their Github shows that it's 100% Python and I didn't get any antivirus hits when installing their tool |
To be honest, I do that mostly for my own reference to make it easy to double-check the status. Double-checking with EDMC is a good call. Looks like they use Py2Exe rather than PyInstaller and TKinter instead of a web UI so maybe it's that or maybe they have a way of signing releases I couldn't see from a quick source-skim. Just as annoyingly, for some reason I never see these virus alerts when I download the same .exe's from github. Submitted for the installer here too: https://www.microsoft.com/en-us/wdsi/submission/7d6d6cb3-7706-4405-ae9b-d6e64858f6fd MS are this time refusing to unblock the EDScout.exe so I've raised a dispute with them. More fun and games! |
I'd had the same thought (proactive submission) but you're required to specify what detection was found and as my machine never marks them as bad in the first place that's impossible for me. |
Maybe it's something to do with you also being the author and having the source code on the computer, or something else related to you being the author. |
Yeah, possibly. If I find some time I'll have a bit more of a dig into EDMC and how they package things. I note that they produce a .msi rather than an innosetup-generated .exe installer which may also be another avenue to solve this. Very difficult to debug multi-faceted issues like this when all you have is the Microsoft black box telling you that they sort of (and inconsistently) don't like what you're doing... |
Well at least for the setup file they've confirmed:
|
Ok. At this point I'm starting to get somewhat fed up with Windows Defender. I ran the command prompt commands and everything updated, but it's still flagging |
Found an interesting tool today; Virustotal. For EDScout.exe we get: https://www.virustotal.com/gui/file/cd63e536fe177452883eca53322bba3bb79334f3ab85a16acc6846544da2c207/detection For the installer we get: |
Longer term #114 should avoid these issues... or that's the intention at least. |
Being paranoid, I ran defender over my entire drive and it came up empty for viruses (FYI). |
Oh yeah, I've seen that on EDDiscovery's GitHub. He includes a screenshot of this every new release. |
Appreciate the vote of confidence and your resolve Cmdr! o7 |
To answer the question, yes, one of the first additions to this program he put in was to see if a user had a custom HUD setup to try and match it. |
Ah, nice touch! |
I have one more bit to add - Microsoft sent me an additional message I want to capture here after I disputed it. ..and yes, the colour matching is done so that the Scout matches your HUD. That was a fun one to implement! 👌🏻😊 |
Here's what Microsoft said after I raised a dispute...
|
Closing this now as that should hopefully be the end of it.. |
Went to download the EDScout.exe and Windows defender flagged it as having a virus on it. I saw that there was a similar Issue, but the virus they reported was different to what Defender found on my machine:
Let's hope this is also a false positive.
Also, if possible add a hash checksum to the important files so we can verify them.
Thank you
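The checksum request above, sketched as an added example (not part of the thread and not the project's own release tooling): the maintainer side writes a SHA-256 manifest for the release files, and the user side checks a downloaded `EDScout.exe` against it. The manifest name `SHA256SUMS.txt` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from pathlib import Path

HEX = set("0123456789abcdef")

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so a large installer is never loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def write_manifest(paths, manifest_path):
    """Maintainer side: one 'hexdigest  filename' line per file (sha256sum layout)."""
    lines = [f"{sha256_file(p)}  {Path(p).name}" for p in paths]
    Path(manifest_path).write_text("\n".join(lines) + "\n", encoding="utf-8")

def parse_manifest(manifest_path):
    """Return {filename: hexdigest}; a malformed line is an error, never skipped."""
    expected = {}
    text = Path(manifest_path).read_text(encoding="utf-8")
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64 or not set(parts[0].lower()) <= HEX:
            raise ValueError(f"manifest line {n} is malformed")
        # sha256sum prefixes the name with '*' for files hashed in binary mode
        expected[parts[1].lstrip("*")] = parts[0].lower()
    return expected

def verify_download(path, manifest_path):
    """User side: 'ok', 'mismatch', or 'unlisted' for one downloaded file."""
    expected = parse_manifest(manifest_path).get(Path(path).name)
    if expected is None:
        return "unlisted"  # a file the manifest does not name is not verified
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"
```

A matching checksum only shows the download is byte-identical to what the manifest describes; it says nothing about authorship unless the manifest itself is signed or fetched over a separate trusted channel, and it has no effect on how an antivirus engine classifies the file.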