Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Malware Detected ???
ThatGuyDuncan
#1 Posted : 9 years ago
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
I get the following message when attempting to download the latest version of NCrunch.

Quote:
Malware Detected
The transferred file contained a virus and was therefore blocked.
URL: http://downloads.ncrunch...nch_VS2015_2.19.0.4.msi
Media Type: application/executable, application/dotnet-assembly
Virus Name: McAfeeGW: BehavesLike.Win32.Suspicious.cm


It *looks* to my untrained eye like a heuristic match as opposed to a "real" match, but I leave that to the experts to determine. Please advise, thanks! D
ThatGuyDuncan
#2 Posted : 9 years ago
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
In case it wasn't obvious, the AV engine in use here is McAfee. It runs on our (proxy?) server and not my local machine, so I can't just turn it off. The McAfee instance blocks Free Download Manager from accessing the file as well.
Remco
#3 Posted : 9 years ago
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 7,165

Thanks: 964 times
Was thanked: 1296 time(s) in 1202 post(s)
Hi,

Thanks for sharing this.

It's things like this that really ruffle my feathers ...

This is a false positive caused by a bad scanning tool. You can confirm this by using the online scanner at https://www.virustotal.com, which runs the file through 53 other scanners and reports it as clear.

I'm currently reviewing to see what options I have for convincing McAfee that their scanner is wrong, but I expect this will involve layers of bureaucracy and may take some time.

Have you tried installing the product manually via ZIP?
1 user thanked Remco for this useful post.
ThatGuyDuncan on 12/19/2015(UTC)
Remco
#4 Posted : 9 years ago
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 7,165

Thanks: 964 times
Was thanked: 1296 time(s) in 1202 post(s)
I've made a submission to McAfee's detection dispute service. Apparently this takes 4-6 weeks before they consider the submission. I've also submitted the installed files through their false positive submission system. As a software author, this is unfortunately the limit of what I'm able to do. I recommend seeing what options you may have available for excluding the install files from the proxy or if there are other options for you to report the false positive as a McAfee customer.
ThatGuyDuncan
#5 Posted : 9 years ago
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
I purchased the license personally, though I use it at work. Since it's not part of the standard image, I'm pretty sure my employer will do nothing to assist. Your suggestion to use the .zip instead sounds sound (I'm kinda cheesed I didn't think of it myself), so I'll try that on Monday. Thanks!
ThatGuyDuncan
#6 Posted : 9 years ago
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
.zip is blocked too.

>>>sigh<<<
Remco
#7 Posted : 9 years ago
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 7,165

Thanks: 964 times
Was thanked: 1296 time(s) in 1202 post(s)
ThatGuyDuncan;8156 wrote:
.zip is blocked too.

>>>sigh<<<


Sorry, I've done all I can from my side :(
ThatGuyDuncan
#8 Posted : 8 years ago
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
Here we go again...

Malware Detected
The transferred file contained a virus and was therefore blocked.
URL: http://downloads.ncrunch...nch_VS2015_2.20.0.4.msi
Media Type: application/executable, application/dotnet-assembly
Virus Name: McAfeeGW: BehavesLike.Win32.BackdoorNJRat.lm

Any chance you could upload a .7z version?
Remco
#9 Posted : 8 years ago
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 7,165

Thanks: 964 times
Was thanked: 1296 time(s) in 1202 post(s)
1 user thanked Remco for this useful post.
ThatGuyDuncan on 4/1/2016(UTC)
ThatGuyDuncan
#10 Posted : 8 years ago
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)


[AustinPowersVoice]
Yeah baby!
[/AustinPowersVoice]
1 user thanked ThatGuyDuncan for this useful post.
Remco on 4/1/2016(UTC)
gquerol
#12 Posted : 8 years ago
Rank: Newbie

Groups: Registered
Joined: 9/16/2016(UTC)
Posts: 2
Location: France

Hello,

I'm sorry to revive that thread, but newer versions are also detected as malware by mcaffee with a very slow and random process of whitelisting.

Could you please provide and automate for the future a 7z package for all the regular downloads ? (setup, raw files, node and licence server)

This would really be appreciated

Best regards,

Remco
#13 Posted : 8 years ago
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 7,165

Thanks: 964 times
Was thanked: 1296 time(s) in 1202 post(s)
I'll see what I can do. Can you confirm which version of VS you are using?
gquerol
#14 Posted : 8 years ago
Rank: Newbie

Groups: Registered
Joined: 9/16/2016(UTC)
Posts: 2
Location: France

Hello Remco,

We're using Visual studio 2015

Thanks !
Remco
#15 Posted : 8 years ago
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 7,165

Thanks: 964 times
Was thanked: 1296 time(s) in 1202 post(s)
jschreuder
#16 Posted : 7 years ago
Rank: Advanced Member

Groups: Registered
Joined: 10/5/2015(UTC)
Posts: 42
Location: Australia

Thanks: 14 times
Was thanked: 23 time(s) in 11 post(s)
Hi Remco, sorry to drag up this old topic, but got a new false positive from Symantec this time.

https://i.imgur.com/dT5WNB5.png

https://www.symantec.com...cid=2010-081603-3136-99

Anything I can do to help you get off the watchlist?
Remco
#17 Posted : 7 years ago
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 7,165

Thanks: 964 times
Was thanked: 1296 time(s) in 1202 post(s)
Hi, thanks for the heads up on this one.

You can submit a false positive report to Symantec from here - https://submit.symantec.com/false_positive/.
jschreuder
#18 Posted : 7 years ago
Rank: Advanced Member

Groups: Registered
Joined: 10/5/2015(UTC)
Posts: 42
Location: Australia

Thanks: 14 times
Was thanked: 23 time(s) in 11 post(s)
Remco;9776 wrote:
Hi, thanks for the heads up on this one.

You can submit a false positive report to Symantec from here - https://submit.symantec.com/false_positive/.


Done.

Interestingly, I have the 2015 version installed as well, and only the 2017 AppContainer.exe tripped the detection.
Remco
#19 Posted : 7 years ago
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 7,165

Thanks: 964 times
Was thanked: 1296 time(s) in 1202 post(s)
jschreuder;9777 wrote:
Remco;9776 wrote:
Hi, thanks for the heads up on this one.

You can submit a false positive report to Symantec from here - https://submit.symantec.com/false_positive/.


Done.

Interestingly, I have the 2015 version installed as well, and only the 2017 AppContainer.exe tripped the detection.


Thanks!

That's very interesting. The AppContainer.exe files are identical between installations of NCrunch. These files actually haven't changed since the Windows Store integration was introduced several years ago. If you aren't using the old Windows Store integration, you could probably even delete them.
ThatGuyDuncan
#20 Posted : 6 years ago
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
Good news! I was able to download and install today without using my mobile phone as a hot-spot. First time ever -- Yay! :)
1 user thanked ThatGuyDuncan for this useful post.
Remco on 7/3/2018(UTC)
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

YAF | YAF © 2003-2011, Yet Another Forum.NET
This page was generated in 0.103 seconds.
Trial NCrunch
Take NCrunch for a spin
Do your fingers a favour and supercharge your testing workflow
Free Download