Tony Posted May 31, 2016 Share Posted May 31, 2016 Windows 10, v1511, built 10586.318, today's update of Recording Service (malware, Trojan, etc...). What is the problem? Quote Link to comment
Joshua06 Posted May 31, 2016 Share Posted May 31, 2016 (edited) Is not a problem, is a false positive. Disable windows defender, install Recording Service, after install enable windows defender Edited May 31, 2016 by Joshua06 Quote Link to comment
Tjod Posted May 31, 2016 Share Posted May 31, 2016 It seams only Windows Defender on Windows 10 (1511) has this bug. (It effects multiple applications which are using Inno Setup like DVBViewer and RS) Windows Defender on Win 8.1 and Windows Defender on Win 10 (14352) and on Windows Defender https://www.virustotal.com are reporting nothing. Feel free to inform Microsoft about their mistake. https://www.microsoft.com/en-us/security/portal/submission/submit.aspx (I have abandoned to inform AV vendors about their bugs (false positive) if they don't affect me) 1 Quote Link to comment
JohnD Posted June 12, 2016 Share Posted June 12, 2016 Hi, I'm having the same problem with DVBViewer Pro 5.6.2. I temporarily disabled Windows Defender in order to allow the download and installation, but as soon as I re-enable Windows Defender, it removes the installed software. So it's not only the installer that Windows Defender objects to, but something in the product itself. Cheers John Quote Link to comment
JohnD Posted June 12, 2016 Share Posted June 12, 2016 Sorry, I should have said also - that's on Windows 10 (the forum wouldn't allow me to edit my original post). Interestingly, Windows Defender didn't object to the demo download and installation - only the Pro version. Cheers John Quote Link to comment
hackbart Posted June 12, 2016 Share Posted June 12, 2016 Probably because the downloads from the members section are unique, while the demo version is not generated for each user individually. I dropped Microsoft a message a while ago, but they do not really respond in a manner they should... Like Tjod said it would be extremely helpful if people would use the link above in order to inform microsoft about the false positive. Quote Link to comment
JohnD Posted June 12, 2016 Share Posted June 12, 2016 OK, I've submitted the false-positive details to MS via that link. If I understand correctly, it appears that something in my profile has produced a unique id or similar, giving the false positive? If that's the case, would it be possible to tinker with the profile to generate a different executable? Quote Link to comment
HaraldL Posted June 13, 2016 Share Posted June 13, 2016 (edited) Every customer gets an individual installer (and included EXE file) with embedded customer ID or something similar. To identify who spreads cracked versions, just like MP3 music files with embedded watermarks. For some antivirus products it looks suspicious that several users have the same EXE file in the same folder with same version number but different hash (the cloud feature of many antivirus products send file hashes to a central database). And they falsely assume it could be a self-modifying virus they don't know or something. What is not the case of course. If you submit your EXE to the antivirus vendor and it gets white-listed, then mine is still not because my EXE is different. Or vice versa. And with every new version of DVBViewer or RecordingService the "game" begins again from scratch. Edited June 13, 2016 by HaraldL Quote Link to comment
JohnD Posted June 13, 2016 Share Posted June 13, 2016 (edited) Hmm, good point. So, apart from ditching Windows Defender and switching to something else, can anyone suggest a solution? Edit - actually, of course, I guess I just need to set up DVBViewer as an exception. Cheers John Edited June 13, 2016 by JohnD Quote Link to comment
dgdg Posted June 14, 2016 Share Posted June 14, 2016 Same problem her with Windows 7 and MSE (Microsoft Security Essentials). It was quite a struggle to install the lastest version of DVBViewer without MSE removing the EXE. It does'nt help to stop the anti-virus software. A soon as you active it and try to start DVBViewer the EXE is removed. Kategorie: TrojanerBeschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.Elemente:file:C:\Program Files (x86)\DVBViewer\DVBViewer.exe In this case DVBViewer is suspicious because it's behavior. Quote Link to comment
bjanuszs46 Posted June 15, 2016 Share Posted June 15, 2016 The same problem here: Microsoft Security Essentials reports Trojan:Win32/Varpes.N!c in DVBViewer 5.6.2. As suggested above by John, I've edited the MSE exception adding both the whole directory with binaries and the installer file. Quote Link to comment
hackbart Posted June 15, 2016 Share Posted June 15, 2016 The strange thing is that here under all systems i've tested (Windows 7, 8.1, 10) the defender does not warn about the binaries. Microsoft also asked me to provide a binary which does, maybe somebody could pm me a file? Quote Link to comment
wappy Posted June 15, 2016 Share Posted June 15, 2016 (edited) Got the same problem under windows 10 latest insiders preview and latest DVBViewer, also tested on other pc that is running 8.1 without problems. Edited June 15, 2016 by wappy Quote Link to comment
JohnD Posted June 15, 2016 Share Posted June 15, 2016 The strange thing is that here under all systems i've tested (Windows 7, 8.1, 10) the defender does not warn about the binaries. Microsoft also asked me to provide a binary which does, maybe somebody could pm me a file? I was going to pm you one of the files I have here, so... I made copies of the installer and executable (which I have in a folder that Defender is excluded from), and scanned them with Windows Defender to confirm the message I get. I was then going to send one over to you with those details. However, Windows Defender said they were ok. So I downloaded the DVBViewer installer again, and Defender immediately deleted it claiming it was a trojan - "Win32/Varpes.N!cl". So, when I explicitly present those files for scanning, no problem, but when I download the software, it is a problem. I know almost nothing of the way anti-virus s/w works, so I can't explain it, but maybe this is why you can't get any a/v warnings either. I can still send you a file if it would be useful, but it seems it may not be. Cheers John Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.