HP Forums
Windows Defender flagged Free42 2.08... - Printable Version


Windows Defender flagged Free42 2.08... - zeno333 - 12-27-2017 07:23 AM

I just got Free42 2.08 and Windows Defender on Windows 64 bit Home edition flagged it as a Trojan...said the threat was severe. This is the first time Defender has flagged anything...I deleted it...Has anyone else had this issue?


RE: Windows Defender flagged Free42 2.08... - zeno333 - 12-27-2017 08:27 AM

Some more info....Defender did not flag the ZIP file...it flagged it when I unzipped the file...The exact file in question was the Free42 Decimal version file...I deleted it all and went back to the older 2.07c version...


RE: Windows Defender flagged Free42 2.08... - zeno333 - 12-27-2017 08:32 AM

Here is the name of the Trojan according to Defender...
Trojan:Win32/Azden.A!cl


RE: Windows Defender flagged Free42 2.08... - Massimo Gnerucci - 12-27-2017 09:40 AM

If you trust Defender... I prefer to trust Thomas.

It's easy to catch a false positive.
For your peace of mind try to submit it to https://www.virustotal.com

EDIT: Someone already submitted it to Virustotal today: 0/61, I think you can stay assured there's no trojan therein.


RE: Windows Defender flagged Free42 2.08... - pier4r - 12-27-2017 10:49 AM

(12-27-2017 09:40 AM)Massimo Gnerucci Wrote:  It's easy to catch a false positive.
This. Especially when the antivirus heuristic cannot figure out the threat from a file, it tries to be more negative than positive. (I.e.: "in doubt, flag it as bad")


Side note: Windows Defender is better than nothing, but it does not have a good reputation among system administrators. Now at home many may use Windows Defender (I have some PCs with no AV at all); in companies people choose other AV. https://www.av-test.org/en/antivirus/business-windows-client/


RE: Windows Defender flagged Free42 2.08... - Massimo Gnerucci - 12-27-2017 11:31 AM

(12-27-2017 10:49 AM)pier4r Wrote:  
(12-27-2017 09:40 AM)Massimo Gnerucci Wrote:  It's easy to catch a false positive.
This. Especially when the antivirus heuristic cannot figure out the threat from a file, it tries to be more negative than positive. (I.e.: "in doubt, flag it as bad")


Side note: Windows Defender is better than nothing, but it does not have a good reputation among system administrators. Now at home many may use Windows Defender (I have some PCs with no AV at all); in companies people choose other AV. https://www.av-test.org/en/antivirus/business-windows-client/

We know Pier, we know...

But I wouldn't put Avast in the same list as others there.


RE: Windows Defender flagged Free42 2.08... - Thomas Okken - 12-27-2017 02:07 PM

Looks like a false positive. The zip file on my web site is not compromised (I compared it to the one in my build VM), but just to be sure, I did a full rebuild, uploaded it to my web site, downloaded it, compared it to the one I just built (everything fine so far), and then when I unzipped it, Free42Decimal.exe got blocked by Defender, while Free42Binary.exe did not.

I have no idea why it's doing that or what I can do about it.
You can just tell Defender "restore" or "run anyway," and you should be OK.

UPDATE: Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.
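
The download-versus-build comparison described in the post above can be done member by member, so that a difference in zip metadata is not mistaken for a changed executable. This is an added example, not part of the original thread or of Free42's build process; the function names are hypothetical and the archive contents are constructed placeholders.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def member_digests(archive: bytes) -> dict:
    """Map each file inside a zip to the SHA-256 of its uncompressed bytes."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {i.filename: sha256_hex(zf.read(i))
                for i in zf.infolist() if not i.is_dir()}


def compare_archives(reference: bytes, candidate: bytes) -> dict:
    """Compare a downloaded archive against the trusted copy from the build machine."""
    ref, cand = member_digests(reference), member_digests(candidate)
    return {
        # Same bytes end to end: nothing changed in transit or on the server.
        "byte_identical": sha256_hex(reference) == sha256_hex(candidate),
        "missing": sorted(ref.keys() - cand.keys()),
        "unexpected": sorted(cand.keys() - ref.keys()),
        # Members present in both whose contents differ.
        "changed": sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n]),
    }


def make_zip(files: dict, stamp=(2017, 12, 27, 0, 0, 0)) -> bytes:
    """Build a constructed sample archive with a fixed timestamp (deterministic bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), data)
    return buf.getvalue()


# Constructed sample data: placeholder bytes, not real executables.
FILES = {"Free42Decimal.exe": b"constructed decimal build",
         "Free42Binary.exe": b"constructed binary build"}
BUILD = make_zip(FILES)
DOWNLOAD = make_zip(FILES)                                # same bytes as the build copy
REPACKED = make_zip(FILES, stamp=(2017, 12, 28, 0, 0, 0))  # same files, new metadata
TAMPERED = make_zip({**FILES, "Free42Decimal.exe": b"constructed altered build"})

if __name__ == "__main__":
    for label, blob in [("download", DOWNLOAD), ("repacked", REPACKED), ("tampered", TAMPERED)]:
        print(label, compare_archives(BUILD, blob))
```

A rebuilt archive will usually not be byte-identical to the previous one, which is why the per-member digests are the useful comparison after a full rebuild.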


RE: Windows Defender flagged Free42 2.08... - Massimo Gnerucci - 12-27-2017 02:29 PM

(12-27-2017 02:07 PM)Thomas Okken Wrote:  Looks like a false positive. The zip file on my web site is not compromised (I compared it to the one in my build VM), but just to be sure, I did a full rebuild, uploaded it to my web site, downloaded it, compared it to the one I just built (everything fine so far), and then when I unzipped it, Free42Decimal.exe got blocked by Defender, while Free42Binary.exe did not.

I have no idea why it's doing that or what I can do about it.
You can just tell Defender "restore" or "run anyway," and you should be OK.

UPDATE: Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

As reported earlier no other antivirus flagged your executables as "risky".


RE: Windows Defender flagged Free42 2.08... - Thomas Okken - 12-27-2017 03:21 PM

(12-27-2017 02:07 PM)Thomas Okken Wrote:  Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

447476 files scanned, 0 threats found.

UPDATE: I reported the false positive to Microsoft. (No idea how long it takes from doing that to the virus definitions getting updated.)


RE: Windows Defender flagged Free42 2.08... - zeno333 - 12-28-2017 01:14 AM

(12-27-2017 03:21 PM)Thomas Okken Wrote:  
(12-27-2017 02:07 PM)Thomas Okken Wrote:  Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

447476 files scanned, 0 threats found.

UPDATE: I reported the false positive to Microsoft. (No idea how long it takes from doing that to the virus definitions getting updated.)

I agree it is a false positive...Perhaps it would be wise to put a note on the Free42 web site about this very issue...Not all who go there read this forum, and it would give a user the chance to ignore the warning from Defender and override it should they choose to.