FFAStrans forum

Hi.
Several Anti-Virus Programs have alerted on the latest version's "processors.exe" as malware

In order to rule out any current & future issues, is there an option to supply a HASH for the 7z download file?

Hi EliLavi, thank you for using FFAStrans and welcome to the forum!

Tthis is a constant battle I will take a look supplying a hash in some form. Maybe displayed on the web-site is ok?

-steinar

Oh I've just found all the malware threads, but only after sending an email to admin.
On Win7 with latest release 0.9.2.7. My issue was with McAfee Endpoint Security.
It flagged the exe_manager.exe and def_runner.exe as generic trojans or Artemis!# designation as follows:

exe_manager.exe = Artemis!4AA1456EB6B0
def_runner.exe = Artemis!BA02CB2CC4E0

I hope this helps

Sadly McAfee continues to delete the exe files without quarantining them, so i can't even test the application

It still is a big problem!

Even in version 0.9.2.9 the files def_runner.exe and exe_manager.exe keep on giving serious Trojan messages.
Windows Defender just deletes them and Karspersky is blocking them. It took me over an hour to figure out what was going on. I managed to tell Karspersky not to scan the folder where I put FFASTRANS in and I told Windows Defender not to scan .exe files. I don't like that at all but I could not find any other way.

I wanted to copy all of my FFASTRANS files and workflows to a USB stick. It kept on deleting the two files. So this was the only way.

So if there is a better way to scan the whatchfolders would be a big improvement. I don't like the idea that there are potential dangerous files on by PC.

Hi Steinar,

first thanks for your great work!
I also have issues with the malware detection. Unzipping the files is ok, but while running the farm, def_runner.exe get's blocked and no more jobs are executed.
Virustotal has detection rate of 18/59, which is quite a lot, see below.
Providing a hash on the website would be a good idea.
Martin.

SHA256: 3c39fd1748719f41a6629a965c25662b4fa866e4a3c6f66ce297a1f4b88fa524
File name: FFAStrans0.9.2.7z
Detection ratio: 18 / 59
Analysis date: 2018-07-23 08:19:51 UTC ( 23 hours, 1 minute ago )

Yes, I will probably provide a hash soon. I've seen false positives increasing lately which is very sad because it takes focus away from what the program actually does

-steinar

Windows Defender is still going nuts on multiple executables of this program as well. Also, Google Chrome on a macOS machine was preventing me from downloading this, stating that it too had detected malware within it. And seeing that other anti-virus softwares were going nuts on it as well...

That's a lot of alarm bells to ignore, and new users might decide not to. This is going to outright kill your program if it doesn't get resolved in a way that doesn't require having the user turn off their antivirus software.

Yes I know this all too well

Turning of your AV is a bad idea but any good AV-software will let you set exceptions for files being wrongfully flagged as malicious. So it should not be that big a problem, but I totaly agree with you. Some will likely NOT use the software because of this, and I would never blame them.

Anyway, I'm looking at different solutions and hopefully one day the problem will be somewhat sloved. Thanks for you concern!

-steinar

Hi!
I'd really love to test and maybe use this toolset but the positive AV detection is a Show stopper.
Is there anything i can do to help? Looked out for the source code but it seems it is not open, right?

Thanks,
Harald

Hi Harald, thanks for wanting to use FFAStrans and welcome to the forum!

False positives is a huge problem. I've sent several files to several AV-companies but it really does not seem to help that much. So you just need to do what you think is best, whether it's adding an exception for FFAStrans or leave it an use some other tools. And you're right, FFAStrans is currently not open source.

-steinar