Virus warning in EBLink Windows Installer (false positive)
#1
BitDefender and Windows Defender both report a virus in the EBLink Windows installer: EBlinkInstaller3.8(57).exe

The threat is Gen:Variant.Razy.712320
Reply
#2
It looks like this is a false positive. Everything was clean here until this morning and those files were generated on 11 November.
Eblink.exe is clean according to Bitdefender and Microsoft.
The NSIS compiler is clean according to Microsoft.
The EBshell DLLs have some positive detections at certain scanners, but not by Microsoft or Bitdefender.

But as soon as I generate an NSIS installer executable, I get a virus warning from Microsoft.

Don't know how to tackle this, to be honest.

Seems to be a known issue with (NSIS) installers.
https://nsis.sourceforge.io/NSIS_False_Positives

It also just popped up very recently, like yesterday I guess.
Reply
#3
Do you want me to submit a false positive report to BitDefender?
If so, can you put the file somewhere so I can download it again?
Reply
#4
That would be incredibly nice, I don't have the time to fight all those virus scanners.

https://www.embitz.org/EBlinkInstaller.zip

I started the request for a code signing certificate but I doubt if that is going to change something for those scanners.
Reply
#5
I reported a false negative to Microsoft with the file to be analysed and I got a very quick answer back. Chapeau Microsoft!

I hope to receive the signing certificate in the next 48 hours. It's a ridiculous amount of money but I think it's wise to do this because we install extension applications to the Windows shell explorer under admin rights so some trust would be nice.

Microsoft response:
Quote: Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions
Reply
#6
All the executables are now digitally signed and all virus scanners are happy according to virustotal.com.
Reply

