False-Positive for Free42 and Plus42 Emulator?

[giubin]

Checking the latest version of both Free42 and Plus42 simulators for Windows, VirusTotal found W64.AIDetectMalware. Not with previous version of both (Free42 Windows 3.0.13 - Plus42 ver_1.0.9).

Shouldn't we worry?
Is it a false positive?

[rprosperi]

Definitely a False-Positive, I just rescanned both to verify so.

You should report the false-positive (however you do that with VirusTotal) to help prevent more folks from having the same concerns.

[giubin]

(11-21-2023 01:48 AM)rprosperi Wrote:  Definitely a False-Positive, I just rescanned both to verify so.

You should report the false-positive (however you do that with VirusTotal) to help prevent more folks from having the same concerns.

Ok thanks Bob.

I use on my Windows, his Defender (it didn't detect anything). To be sure, sometimes i check with VirusTotal online, and i got this warning that I wanted to share with you.

Thanks again.

[Jonathan Busby]

(11-21-2023 01:48 AM)rprosperi Wrote:  Definitely a False-Positive, I just rescanned both to verify so.

You should report the false-positive (however you do that with VirusTotal) to help prevent more folks from having the same concerns.

Unfortunately, VirusTotal is just an aggregator that reports the results of the analysis of a file by dozens of AV software applications and other malware detection and executable behavioral analysis tools.

You can make a comment about a particular file on VirusTotal, but VirusTotal itself has no power or ability to change the false positive detections reported by the individual AV vendors :

https://support.virustotal.com/hc/en-us/...-detected-.

To get rid of the false positives, you unfortunately have to go through each individual AV app which VirusTotal indicates reported a positive detection and contact the vendor.

Here is the list of all the malware detection applications that VirusTotal uses :

https://support.virustotal.com/hc/en-us/...ntributors

On a related note, at least on my Windoze 10 PC, when I try to run any recent Emu48 installers, Windows' "SmartScreen" blocks its execution and displays a popup entitled "Windows protected your PC." This is either due to Emu48 not being properly signed with a trusted Microsoft CA, its being signed but the signature having expired, or because it uses a packed executable. See here : https://learn.microsoft.com/en-us/archiv...pc-at-risk .

This can only be remedied by the developer, by signing the executable with a current, recognized key from a Microsoft CA and/or not packing the executable. If both of those fail to eliminate the false positive detection, then the developer has to send the ( properly signed ) offending executable to Microsoft to report a false positive : https://learn.microsoft.com/en-us/micros...-worldwide .

Also, again for any Emu48 installers, Virustotal reports twelve positive detections by various AV apps and it's flagged as malware : https://www.virustotal.com/gui/file/c81d...689b41b5f3

Regards,

Jonathan

[rprosperi]

(11-22-2023 05:50 PM)Jonathan Busby Wrote:  

(11-21-2023 01:48 AM)rprosperi Wrote:  Definitely a False-Positive, I just rescanned both to verify so.

You should report the false-positive (however you do that with VirusTotal) to help prevent more folks from having the same concerns.

Unfortunately, VirusTotal is just an aggregator that reports the results of the analysis of a file by dozens of AV software applications ....

All of which is exactly why I said "(however you do that with VirusTotal)" but I guess it wasn't funny/clear enough. I find using VirusTotal a complete waste of time, and appears to be primarily used by folks that won't run a good quality AV product to catch things in real time. I download FAR too much to manually visit that each time... but it may work for other folks.

[giubin]

(11-23-2023 12:22 AM)rprosperi Wrote:  

(11-22-2023 05:50 PM)Jonathan Busby Wrote:  Unfortunately, VirusTotal is just an aggregator that reports the results of the analysis of a file by dozens of AV software applications ....

All of which is exactly why I said "(however you do that with VirusTotal)" but I guess it wasn't funny/clear enough. I find using VirusTotal a complete waste of time, and appears to be primarily used by folks that won't run a good quality AV product to catch things in real time. I download FAR too much to manually visit that each time... but it may work for other folks.

Many thanks for your support. I really know that VirusTotal is "just" an aggregator. For this reason I use it (sometimes) as last chance to check something new. On my Windows 11 23h2, I use the awesome Windows Defender as a real time antivirus.

I think that the antivirus aggregator is something not to be underestimated, precisely because it checks through a myriad of antiviruses (not in real time, because this methods are a plus).

I don't know why I decide to check this emulators. Just to be sure, and because my PCs need to stay safe.

I just wanted to share this false positive with you