Windows Defender flagged Free42 2.08...

[zeno333]

I just got Free42 2.08 and Windows Defender on Windows 64 bit Home edition flagged it as a Trojan...said the threat was severe. This is the first time Defender has flagged anything...I deleted it...Has anyone else had this issue?

[zeno333]

Some more info....Defender did not flag the ZIP file...it flagged it when I unzipped the file...The exact file in question was the Free42 Decimal version file...I deleted it all and went back to the older 2.07c version...

[zeno333]

Here is the name of the Trojan according to Defender...
Trojan:Win32/Azden.A!cl

[Massimo Gnerucci]

If you trust Defender... I prefer to trust Thomas.

It's easy to catch a false positive.
For your peace of mind try to submit it to https://www.virustotal.com

EDIT: Someone already submitted it to Virustotal today: 0/61, I think you can stay assured there's no trojan therein.

[pier4r]

(12-27-2017 09:40 AM)Massimo Gnerucci Wrote:  It's easy to catch a false positive.

This. Especially when the antivirus heuristic cannot figure out the threat from a file, it tries to be more negative than positive. (I.e: "in doubt, flag it as bad")


side note: windows defender is better than nothing but it has not a good reputation among system administrators. Now at home many may use windows defender (I have some pc with no AV at all), in companies people choose other AV. https://www.av-test.org/en/antivirus/bus...ws-client/

[Massimo Gnerucci]

(12-27-2017 10:49 AM)pier4r Wrote:  

(12-27-2017 09:40 AM)Massimo Gnerucci Wrote:  It's easy to catch a false positive.

This. Especially when the antivirus heuristic cannot figure out the threat from a file, it tries to be more negative than positive. (I.e: "in doubt, flag it as bad")


side note: windows defender is better than nothing but it has not a good reputation among system administrators. Now at home many may use windows defender (I have some pc with no AV at all), in companies people choose other AV. https://www.av-test.org/en/antivirus/bus...ws-client/

We know Pier, we know...

But I wouldn't put Avast in the same list as others there.

[Thomas Okken]

Looks like a false positive. The zip file on my web site is not compromised (I compared it to the one in my build VM), but just to be sure, I did a full rebuild, uploaded it to my web site, downloaded it, compared it to the one I just built (everything fine so far), and then when I unzipped it, Free42Decimal.exe got blocked by Defender, while Free42Binary.exe did not.

I have no idea why it's doing that or what I can do about it.
You can just tell Defender "restore" or "run anyway," and you should be OK.

UPDATE: Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

[Massimo Gnerucci]

(12-27-2017 02:07 PM)Thomas Okken Wrote:  Looks like a false positive. The zip file on my web site is not compromised (I compared it to the one in my build VM), but just to be sure, I did a full rebuild, uploaded it to my web site, downloaded it, compared it to the one I just built (everything fine so far), and then when I unzipped it, Free42Decimal.exe got blocked by Defender, while Free42Binary.exe did not.

I have no idea why it's doing that or what I can do about it.
You can just tell Defender "restore" or "run anyway," and you should be OK.

UPDATE: Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

As reported earlier no other antivirus flagged your executables as "risky".

[Thomas Okken]

(12-27-2017 02:07 PM)Thomas Okken Wrote:  Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

447476 files scanned, 0 threats found.

UPDATE: I reported the false positive to Microsoft. (No idea how long it takes from doing that to the virus definitions getting updated.)

[zeno333]

(12-27-2017 03:21 PM)Thomas Okken Wrote:  

(12-27-2017 02:07 PM)Thomas Okken Wrote:  Running a full scan on my build VM now. I don't expect that to turn up anything -- I use that VM for building Free42, running V41 and Emu42, and not much else -- but why not. I'll post the result when it's done.

447476 files scanned, 0 threats found.

UPDATE: I reported the false positive to Microsoft. (No idea how long it takes from doing that to the virus definitions getting updated.)

I agree it is a false positive...Perhaps it would be wise to put a note on the Free42 wen site about this very issue...Not all who go there read this forum, and it would give a user the chance to ignore the warning from Defender and override it should they choose to.