-
Notifications
You must be signed in to change notification settings - Fork 201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Microsoft Windows Defender detect UltraVNC_1436_X64.msi with a Trojan:Win32/Vigorf.A #210
Comments
What was the outcome on this? False Positive? |
Virus total 6/64 security vendors flagged this file as malicious AliCloud |
Microsoft Windows Defender 1.417.13.0 detect UltraVNC_1436_X64.msi with a Trojan:Win32/Vigorf.A |
Include digital certificate to the msi installation packet and submit it for malware scan as developer at: https://www.microsoft.com/en-us/wdsi/filesubmission |
ultravnc_1436_x64.msi |
Re-uploaded msi files. |
I also submit the file and report it as false positive to MS. It's still In progress. |
Does the new msi (new signing) still trigger the detection |
It's not about of creating a new msi which will have different hash. It's about Microsoft not to mark the UltraVNC as Trojan:Win32/Vigorf.A but instead to trust your Certificate and mark UltraVNC as Remote Admin software like TeamViewer, AnyDesk, Dameware etc...) So they need to have UltraVNC hash marked in the Antivirus as legit remote admin/ remote support instead of trojan. In my latest submit they approve it and now it's allowed in the new antivirus database but this is only for the old hash. Tree View ultravnc_1436_x64.msi |
https://uvnc.eu/download/1436/UltraVNC_1436_X64.msi |
https://uvnc.eu/download/1436/UltraVNC_1436_X64.msi is now signed with a special msi option, signing is now also on the container, not only the files. |
Microsoft Windows Defender 1.417.13.0 detect UltraVNC_1436_X64.msi with a Trojan:Win32/Vigorf.A
The text was updated successfully, but these errors were encountered: