AntiVirus Detection

Here you can submit bugreports
EliLavi
Posts: 1
Joined: Wed Jun 06, 2018 7:12 am

AntiVirus Detection

Post by EliLavi »

Hi.
Several Anti-Virus Programs have alerted on the latest version's "processors.exe" as malware :o :o :o

In order to rule out any current & future issues, is there an option to supply a HASH for the 7z download file?
admin
Site Admin
Posts: 1680
Joined: Sat Feb 08, 2014 10:39 pm

Re: AntiVirus Detection

Post by admin »

Hi EliLavi, thank you for using FFAStrans and welcome to the forum! :-)

Tthis is a constant battle :-( I will take a look supplying a hash in some form. Maybe displayed on the web-site is ok?

-steinar
3pointedit
Posts: 4
Joined: Fri Jul 20, 2018 1:46 am

Re: AntiVirus Detection

Post by 3pointedit »

Oh I've just found all the malware threads, but only after sending an email to admin.
On Win7 with latest release 0.9.2.7. My issue was with McAfee Endpoint Security.
It flagged the exe_manager.exe and def_runner.exe as generic trojans or Artemis!# designation as follows:

exe_manager.exe = Artemis!4AA1456EB6B0
def_runner.exe = Artemis!BA02CB2CC4E0

I hope this helps

Sadly McAfee continues to delete the exe files without quarantining them, so i can't even test the application :(
David

ABC TV Australia
rambouzi
Posts: 2
Joined: Thu Jun 29, 2017 12:51 pm

Re: AntiVirus Detection

Post by rambouzi »

It still is a big problem!

Even in version 0.9.2.9 the files def_runner.exe and exe_manager.exe keep on giving serious Trojan messages.
Windows Defender just deletes them and Karspersky is blocking them. It took me over an hour to figure out what was going on. I managed to tell Karspersky not to scan the folder where I put FFASTRANS in and I told Windows Defender not to scan .exe files. I don't like that at all but I could not find any other way.

I wanted to copy all of my FFASTRANS files and workflows to a USB stick. It kept on deleting the two files. So this was the only way.

So if there is a better way to scan the whatchfolders would be a big improvement. I don't like the idea that there are potential dangerous files on by PC.
mzed
Posts: 1
Joined: Tue Jul 24, 2018 7:18 am

Re: AntiVirus Detection

Post by mzed »

Hi Steinar,

first thanks for your great work!
I also have issues with the malware detection. Unzipping the files is ok, but while running the farm, def_runner.exe get's blocked and no more jobs are executed.
Virustotal has detection rate of 18/59, which is quite a lot, see below.
Providing a hash on the website would be a good idea.
Martin.

SHA256: 3c39fd1748719f41a6629a965c25662b4fa866e4a3c6f66ce297a1f4b88fa524
File name: FFAStrans0.9.2.7z
Detection ratio: 18 / 59
Analysis date: 2018-07-23 08:19:51 UTC ( 23 hours, 1 minute ago )
admin
Site Admin
Posts: 1680
Joined: Sat Feb 08, 2014 10:39 pm

Re: AntiVirus Detection

Post by admin »

Yes, I will probably provide a hash soon. I've seen false positives increasing lately which is very sad because it takes focus away from what the program actually does :-(

-steinar
XStylus
Posts: 3
Joined: Fri Apr 28, 2017 4:24 am

Re: AntiVirus Detection

Post by XStylus »

Windows Defender is still going nuts on multiple executables of this program as well. Also, Google Chrome on a macOS machine was preventing me from downloading this, stating that it too had detected malware within it. And seeing that other anti-virus softwares were going nuts on it as well...

That's a lot of alarm bells to ignore, and new users might decide not to. This is going to outright kill your program if it doesn't get resolved in a way that doesn't require having the user turn off their antivirus software.
admin
Site Admin
Posts: 1680
Joined: Sat Feb 08, 2014 10:39 pm

Re: AntiVirus Detection

Post by admin »

Yes I know this all too well :-(

Turning of your AV is a bad idea but any good AV-software will let you set exceptions for files being wrongfully flagged as malicious. So it should not be that big a problem, but I totaly agree with you. Some will likely NOT use the software because of this, and I would never blame them.

Anyway, I'm looking at different solutions and hopefully one day the problem will be somewhat sloved. Thanks for you concern!

-steinar
emcodem
Posts: 1753
Joined: Wed Sep 19, 2018 8:11 am

Re: AntiVirus Detection

Post by emcodem »

Hi!
I'd really love to test and maybe use this toolset but the positive AV detection is a Show stopper.
Is there anything i can do to help? Looked out for the source code but it seems it is not open, right?

Thanks,
Harald
emcodem, wrapping since 2009 you got the rhyme?
admin
Site Admin
Posts: 1680
Joined: Sat Feb 08, 2014 10:39 pm

Re: AntiVirus Detection

Post by admin »

Hi Harald, thanks for wanting to use FFAStrans and welcome to the forum! :-)

False positives is a huge problem. I've sent several files to several AV-companies but it really does not seem to help that much. So you just need to do what you think is best, whether it's adding an exception for FFAStrans or leave it an use some other tools. And you're right, FFAStrans is currently not open source.

-steinar
Post Reply