The application still gets deleted in Windows10 #2631
Comments
|
What specific third-party software do you have running that deletes the program? If you can't specify reproduction steps, then it is not possible to verify what you're saying. Linking to third-party malware detection websites of dubious quality does not help. |
manyoso
changed the title
|
If your system balks at the installer (which by the way, simply uses the Qt Installer Framework) then you might want to consider building it from source instead. |
It is deleted by the security system of Windows10... both the file and the installed exe. Hopefully you fix it |
I can assure you it works as-is for most people and I'd say it's your system that has some kind of aggressive rejection policy in place. That's why I suggested to build it from source, because in that case you could get around using an installer. But see your original post now, the next version will be signed and that hopefully gives your system the assurance it needs to allow it. |
|
Thanks... but the problem is that both the file and installed file gets deleted. |
|
As I said: the next version will hopefully be signed and hopefully that will be ok for you then. |
|
Thanks! Awesome!! Best wishes |
|
@SMARTSEEU has this been resolved for you? |
cosmic-snow
added
the
need-info
Hi again, No! |
|
The security of Windows finds it as a threat. |
|
It is signed now, however. I can assure you it works for most people. So you'll have to explain in detail what exactly is deleting it from your system. |
|
As I told you earlier the .exe and the downloaded file both get deleted since there is a serious security issue with your app. Either you know it or not. I have over 50 applications installed on the same system with no problem... There is an issue! This is the screenshot of installed folder.
|
|
|
It is not really my app, I'm not affiliated with Nomic. I do have some insight into the code however, and I can't think of anything that is a "serious security issue" in that. Also, I've built countless versions of it on my system and never had it deleted. I've also tried to help countless people with their issues, and "it gets deleted from the system" is not what I usually see. In fact, I've only seen it brought up by you so far. So without additional details on what is deleting it -- I'm assuming some overzealous security software -- and on what grounds, I can't really help you further. However, regarding that screenshot: if you have Edit: Oh, also note that |
We're trying to help you with this issue, but please refrain from stating that we have a serious security issue without detailing what that security issue is. That you may have over zealous windows security software installed is not a security issue. A security issue would rather look like: "Look at line X of file foo.cpp and notice ..." If you can't detail a problem like that, then the assumption has to be that your system has some particular security software installed that other windows systems do not and that the security software in question is coming up with a false positive. This hypothesis is supported by the fact that literally tens of thousands of users are using GPT4All on their windows systems with no problems like the one you describe here. Frankly, any 'security software' that is deleting files from your hard drive and not telling you what the actual problem is ... sounds like malware itself. I'd be far more concerned with whatever "security software" you might have installed that is actually malicious if I were you. |
|
Thanks, As you rightly mentioned you are not affiliated with Nomic. SO THEY KNOW BETTER! Just for your info. I know the .exe file is in the BIN, which gets deleted. Sometimes the free cheese is in the trap, who knows? |
|
Sorry to say, but that is still not useful. We've already established that it gets deleted somehow and for some reason. You need to produce a system log or other info which details why that happens. Before, the suspicion was that it's because the installer wasn't signed. The latest version should be signed however, so you need to figure out what the actual reason is. Aside from that, again, try to do a clean installation with a new installer. If you already uninstalled but these files you see there didn't get removed after uninstalling, delete the whole GPT4All folder manually, so there are no leftovers. Just to confirm, I've downloaded the installer again myself: P.S.
Just so you know, manyoso is the maintainer and yes, he knows better. But he basically said the same thing I'm saying. |
|
I think it has nothing to do with the assigning... When the whole installer and the installed .exe gets deleted... there is some problem inside the script that I won't repeat why.... but for sure something is WRONG. any way |
Yes, something on your system is deleting it. You need to figure out exactly what is doing that and why it is doing it. If you can't provide that information, then it's probably not possible to help you and likely this issue will eventually be closed. ☹ |
|
OK |
|
Now I see Avast antivirus recognized it as IDP-Generic threat! |
|
Alright, that's some useful information.
I did the same myself just now, and I get zero negative results. Excerpt:
Which is a bit weird, because Avast is there, too. But lets see your results. Regarding the reason for the removal, the linked website says the following -- which I don't find very useful, to be honest:
P.S. Here is the checksum of the
|
|
Ok what I did: I downloaded gpt4all-installer-win64-v3.1.1 with size of 651MB and scanned it before running and it is clear. Yes you are right. the downloaded file is not detected as virus but after running the system detects its malicious activity and deletes it. That is the whole stuff |
|
As I said, upload it to VirusTotal to make sure it's not a false positive: https://www.virustotal.com/ They have many different virus/malware scan engines there. It isn't on my system, but in the remote case that there is something manipulating that file, you should check it on VirusTotal to make sure. If VirusTotal says it's clean, then it's Avast that is at fault and you should add it to the whitelist/exceptions. |
|
The intact file seems clean. However not the active one... Maybe clever designers know what's happening during running... |
|
Nothing in the GPT4All project changes the executable while running. Not ever. The only time the executable changes is when you run an update. I think there are two options here:
Now if you don't trust what I'm saying and insist there is something wrong with the project itself, you'll either have to point out the part you don't trust or find someone you trust who can explain the code to you. I don't think I can help you any further in this issue. From my perspective, this is definitely a case of faulty/overzealous Antivirus. Edit: You know, it just occurred to me that there's one other thing you can do: Contact Avast and let them analyse this and tell you whether or not it's a false positive. They should know, right? |
cosmic-snow
removed
need-info
|
Thanks, I would be thankful if you could contact them since I am not familiar with technicalities. |
|
And there is a huge difference between an .exe file that has not been executed and an executed one since it will affect or inject codes to the registry or other places. |
Sorry, but I'm sure you can figure that out yourself. You figured out how to contact the people working on this project, too. Also, I don't need to contact them. I've already uploaded the file from my system to VirusTotal and get zero hits from any of the scan engines.
If you know better than me, then point out where it does something malicious, or find someone who can do that for you. It's open-source. You can actually look at all the code that eventually lands on your system. You also have the option to not use it at all if you don't trust it, and you do have the option to build it yourself on your own system if you don't trust the pre-built binaries and/or the installer. I am closing this now. We can reopen it after you've contacted Avast. |
|
Sure, I will trust Avast over this software. I am not the one who should say what has been implemented into the software that injects the malicious code after running... the programmers should tell! First and foremost it is your job to provide confidence and trust... Virustotal has no Sandbox!! did you know?? Yeah! |
I haven't read the whole thread, but I can assure you this is simply a false positive. Basically all antivirus software is susceptible to this, because they often use heuristics to detect what might be malicious, not what is actually malicious. Software made by bigger companies naturally gets more attention and is more often added to their whitelists; this is not the case for a small company like Nomic, so you're more likely to see a false positive. The problem for us is that we are intimately familiar with the software we are providing—and it's open-source, so you can verify it for yourself if you're so determined. The fact that our application is signed is proof that DigiCert believes we are a legitimate operation and not a scam. Avast, however, is closed-source and intentionally obscures the precise way various threats are detected, so we can only guess why it thinks GPT4All could be considered a threat. Because of this, there isn't much we can do about this ourselves. You, however, can use this form provided by Avast to report the suspected false positive. If they agree (they most likely will), they will prevent this warning from occurring. Whether you choose to add the exclusion in the meantime is entirely up to you. Personally I think antivirus software is better at preventing bone-headed mistakes than being the sole arbiter of truth, because of the reasons outlined above. |
|
The exe file still gets deleted by the Windows security system or antivirus... Some codes only during running the app cause this.. giving up ... |
Avast is not a standard component of Windows. If you choose to use it, you have to live with the consequences. They are nobody's fault but your own. I can assure you that the built-in Windows Defender does not mind GPT4All one bit, even the signed version. Nor does Google Chrome report the download as suspicious. |
Originally posted by @manyoso in #2580 (comment)
The text was updated successfully, but these errors were encountered: