[3.87c] Virus scanner hates 32-bit version

Sat Feb 27, 2021 12:37 pm

From this thread.

Chrome and FF refused to download it, and if I forced it, Windows Defender would quickly step in and stop it. Googling around suggests it to be one of those generic signatures that show up a lot in false positives.

Re: [3.87c] Virus scanner hates 32-bit version

Sat Feb 27, 2021 12:40 pm

It's a false positive. Complain to the creators of these bogus lists to get it removed. We are powerless in light of such stupidity. BTW, it only seems to trigger an alert when downloading in the browser. Starting the EXE does not trigger my antivirus, so unfortunately I cannot even tell which file in there is responsible.

Re: [3.87c] Virus scanner hates 32-bit version

Sat Feb 27, 2021 1:04 pm

I get the Defender positive only with the 32 bit executable. Trojan:Win32/Woreflint.A!cl

Re: [3.87c] Virus scanner hates 32-bit version

Sat Feb 27, 2021 1:16 pm

Best suggestion is to see if there's a way to submit a file for review by whoever runs the scanning service. If they can't fix whatever bug is causing the false positive, there is more than likely a database of them that they can add it to, that'll get released in the next set of definitions.

Re: [3.87c] Virus scanner hates 32-bit version

Sat Feb 27, 2021 1:40 pm

Which file triggers it? On my system Windows Defender remains silent.

Re: [3.87c] Virus scanner hates 32-bit version

Sat Feb 27, 2021 1:59 pm

The actual results by VirusTotal: 32-bit and 64-bit. I would say, go build a version from source code if those reports aren’t convincing enough.

Re: [3.87c] Virus scanner hates 32-bit version

Sat Feb 27, 2021 3:12 pm

I'm kinda surprised VirusTotal isn't flagging it, since things like Chrome tend to have results relatively consistent with it, even for false positives in the past. I really had no doubt it was a false positive, but where do you even send these reports to anymore? I'm assuming there's some shared database that both MS and Google are using, but what is it? (I'd like to send them the full disassembly of a simple "Hello World" program it flagged a few months ago...)

Re: [3.87c] Virus scanner hates 32-bit version

Sat Feb 27, 2021 3:23 pm

It seems like it gives completely different results if you unzip it and scan just the EXE file. Here's the report. It originally had 20 antiviruses flagging it as suspicious (Seems someone ran it before), but I told it to rerun it and it says 22 now.

Re: [3.87c] Virus scanner hates 32-bit version

Sat Feb 27, 2021 3:55 pm

Makes me wonder if it's the XP toolset causing the mess.

Re: [3.87c] Virus scanner hates 32-bit version

Sat Feb 27, 2021 5:44 pm

Now 3.87b and 3.87a also give a positive: Trojan:Win32/Zpevdo.B

Re: [3.87c] Virus scanner hates 32-bit version

Sat Feb 27, 2021 6:08 pm

Most likely it's a combination of the XP toolset and the custom internal _stat function.
Edit: Maybe not, 3.86a doesn't give a positive.

Re: [3.87c] Virus scanner hates 32-bit version

Mon Mar 01, 2021 4:01 am

phantombeta wrote: It seems like it gives completely different results if you unzip it and scan just the EXE file. Here's the report. It originally had 20 antiviruses flagging it as suspicious (Seems someone ran it before), but I told it to rerun it and it says 22 now.



If you read those results, they're NOT consistent...some say virus A, some others say B and some say other shit or just too sensitive for some reasons...

I would say sending the file to those AV authors and letting them do a detailed test would be a better solution...?

Re: [3.87c] Virus scanner hates 32-bit version

Mon Mar 01, 2021 9:48 am

PlayerLin wrote: I would say sending the file to those AV authors and letting them do a detailed test would be a better solution...?

Lately they don't seem to care. We're not some multi-million dollar software firm with a reputation to uphold or the ability to hire corporate lawyers that can send them into bankruptcy, so they feel not threatened by us nor like any sort of software we develop even matters.

Re: [3.87c] Virus scanner hates 32-bit version

Fri Mar 05, 2021 1:14 pm

I also saw this issue on my end, and I've submitted the LZDoom executable to Microsoft for re-analysis.
They usually respond in about 12 hours (from what I can tell).
Should I hear anything, I will either edit this post or add a new reply.

Edit:
Microsoft has removed the false positive detection for the LZDoom executable in definition update 1.331.2475.0

Re: [3.87c] Virus scanner hates 32-bit version

Sat Mar 06, 2021 3:04 am

electrodragon554 wrote: Microsoft has removed the false positive detection for the LZDoom executable in definition update 1.331.2475.0

Thanks.