From 118e43c4b6441d0e0bce1fa8b28b7b79f9327d2f Mon Sep 17 00:00:00 2001 From: Athanasius Date: Sat, 17 Jul 2021 20:32:19 +0100 Subject: [PATCH] Troubleshooting: Update malware detection section --- Troubleshooting.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/Troubleshooting.md b/Troubleshooting.md index d272f7a..548ed9d 100644 --- a/Troubleshooting.md +++ b/Troubleshooting.md @@ -224,12 +224,11 @@ We have had reports that Anti-Virus software such as: - AVG Anti-Virus - BitDefender - MalwareBytes + - (Microsoft) Windows Defender can sometimes report that either one of our installers (e.g. EDMarketConnector_win_5.0.0.msi) or an executable therein is malicious in -some manner. This has invariably always been a false positive. Microsoft's -Windows Defender on Windows 10 never has any issue with any of our application -files. +some manner. This has invariably always been a false positive. The .msi files we distribute are built either on a trusted developer's machine, or on GitHub itself (but then downloaded to a developer's machine 
@@ -240,6 +239,17 @@ See discussion in [EDMC 5.0.0. Flagged at Malware by AVG Anti Virus #1058](https for more details about the 'cause' of this, including links to py2exe issues about it. +Our working assumption is that some malware authors also use py2exe, or +something similar, to build python scripts into windows executables. +Those then get correctly flagged as malware by various vendors, but +there's then collateral damage from them identifying actually innocent +parts of those malware executables as an issue. That then subsequently +causes them to misidentify innocent programs built that way as malware. + +Every time we've reported the specific file(s) to an AV vendor and +they've looked at them more closely they've then come back to us and +admitted it was a false positive. + It might be worth trying a manual download and install, if what you're Anti-Virus is objecting to is the EDMarketConnector.exe -> WinSparkle.dll -> Download -> Run Installer chain:
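Review bot: In the hunk at @@ -224,12 +224,11 @@, the rewritten line still reads "This has invariably always been a false positive", which is tautological; "This has always been a false positive" says the same thing. The new list entry "(Microsoft) Windows Defender" is also the only one with a parenthesised vendor name, so "Microsoft Windows Defender" or plain "Windows Defender" would match the entries above it.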
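Review bot: In the hunk at @@ -240,6 +239,17 @@, the two added paragraphs explain the suspected cause and state that vendors have confirmed a false positive each time files were reported, but they give the reader no action to take when their own scanner flags a file. Suggest a closing sentence asking users to report the detection, naming the file and the AV product, to their vendor or on the issue linked above. Minor points: "python" and "windows" in the added text should be capitalised, and the trailing context line has "what you're Anti-Virus", which should read "your".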