EDMC 5.0.0. Flagged at Malware by AVG Anti Virus #1058
Comments
Similar here with Bitdefender Build 25.0.19.75; Engine Version 7.88511: `C:\Users\*User*\AppData\Local\Temp\Update-53c11983-e30b-4b03-9826-c3dfba676e0e\EDMarketConnector_win_5.0.0.msi` infected with 'Gen:Variant.Bulz.466715'.
Same Bitdefender response here. Ended up uninstalling EDMC and trying a new install. Now neither Bitdefender nor Windows 10 will allow it to be installed or used. Message reads as above and also:
This happens in the first instance because we use py2exe to package the application code into .exe's (and then bundle that and the other relevant files into an .msi installer using WiX). See py2exe/py2exe#86 and py2exe/py2exe#73 for some discussion about why these are false positives. I'll see about adding something about this to our Known Issues and Troubleshooting page. When I get time I'll investigate if there's any utility in me uploading each .msi/.exe to alleged Anti-Virus websites in order to pre-empt this sort of thing. I'm not hopeful. I'll also note that we now always build for release on GitHub, so any compromise would, in the first instance, have to be against their infrastructure and the third-party software they pull in (a Windows build, python versions, python modules, a download of WinSparkle). Of course then I have to download the resulting .msi file in order to then upload it when I make a GitHub release. I should see if there is any way in which to have that happen purely on the GitHub side of things. Furthermore, anyone worried about this with the ability to effectively check our source could just run from source.
I note that Windows Defender (Windows 10 20H2 with May 2021 updates) doesn't find anything wrong with either the installer or the then installed files.
There's now https://github.com/EDCD/EDMarketConnector/wiki/Troubleshooting#installer-and-or-executables-flagged-as-malicious-viruses about this, which references this issue.
Thanks for your prompt reply. Personally I have reinstalled v4.2.7 without any problem at all. As soon as I try to update to v5, Bitdefender just quarantines it and the whole thing stops working, so I have to un/re-install. Currently I have opted for "Skip this version" for the moment.
As you're actually a user of the software, could you do me a favour and find any documentation/help they have about reporting a file as not malicious? The same goes for anyone using other A/V software.
I uninstalled 5.0.0 and reinstalled 4.2.7 and then tried the upgrade again, and this time no issue was found. It's interesting that it's not a 100% reproducible issue based on my experience. Thanks for the prompt response. Have reported as false positive to my A/V vendor. I guess we'll see.
For Bitdefender I can only suggest contacting their Labs at https://labs.bitdefender.com/contact/ as this is where we report to, which I have done.
Thanks.
What do you mean by ".api"? There are no such files in a standard EDMarketConnector install.
Sorry. I meant .msi, the download file. Many apologies.
I'm going to close this issue based on observed and noted behavior, as well as not being able to reproduce the issue consistently after uninstall, reinstall and subsequent upgrade.
MalwareBytes Professional quarantines this MSI. Uninstalling and reinstalling does not help, as the scan on installation quarantines it again. I'm reverting to the previous version until this is fixed.
I've attempted to report this issue to MalwareBytes: https://forums.malwarebytes.com/topic/274269-py2exe-generated-executables-show-as-false-positives/
I've now submitted the .msi as part of applying to AVG's whitelisting program: https://www.avg.com/whitelist-program-registration
Reported to BitDefender via https://www.bitdefender.com/consumer/support/answer/40673/
A staff member has replied saying the file is now whitelisted on MalwareBytes.
From Discord:
NB: 'Sophos' not 'Sophus', and I'm submitting the .msi to https://support.sophos.com/support/s/filesubmission?language=en_US
Open your Anti-Virus software and add the entire EDMC
Personally I'd just add EDMarketConnector.exe and EDMC.exe to the allowed list, unless it still complains after that. No-one should be installing third-party plugins in the installation 'plugins' folder (they should go under
Adding the entire folder to exceptions assumes you could get it to load from the .msi file in the first place. Both Bitdefender and Win10, in my case at least, did not want to load the .msi file either. Currently I have added both .exe, full folder and .msi files to exceptions and it is working fine now from a desktop shortcut.
Sophos users - you'll have to do the reporting to get the file(s) properly assessed. From email with them:
And I am not installing any A/V in order to do such.
As we've had no further reports of this, including none for 5.0.1 or 5.0.2, I'm closing this.
Please complete the following information:
- `%TEMP%\EDMarketConnector.log` from immediately after the bug occurs (re-running the application overwrites this file).
- `EDMarketConnector-debug.log`
Describe the bug
When scanning EDMarketConnector_win_5.0.0.msi with AVG Internet Security 20.9.3152 (build 20.9.5758.625), product.cab EDMC.exe is flagged as containing Win32:Malware-gen
To Reproduce
Steps to reproduce the behavior:
Expected behavior
MSI is reported free from malware
Screenshots
![avg_edmc](https://user-images.githubusercontent.com/74657081/118103786-ea7a7d00-b39f-11eb-85b4-737118d05cfb.JPG)
Additional context
This report is not implying the installer is infected.
This feels like a false positive.
However this report is designed to raise awareness of a potential issue.
o7 Cmdrs