Malware Detected ???
ThatGuyDuncan
#1 Posted : Friday, December 18, 2015 3:18:27 PM(UTC)
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 10
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
I get the following message when attempting to download the latest version of NCrunch.

Quote:
Malware Detected
The transferred file contained a virus and was therefore blocked.
URL: http://downloads.ncrunch...unch_VS2015_2.19.0.4.msi
Media Type: application/executable, application/dotnet-assembly
Virus Name: McAfeeGW: BehavesLike.Win32.Suspicious.cm


It *looks* to my untrained eye like a heuristic match as opposed to a "real" match, but I leave that to the experts to determine. Please advise, thanks! D
ThatGuyDuncan
#2 Posted : Friday, December 18, 2015 9:19:10 PM(UTC)
In case it wasn't obvious, the AV engine in use here is McAfee. It runs on our (proxy?) server and not my local machine, so I can't just turn it off. The McAfee instance blocks Free Download Manager from accessing the file as well.
Remco
#3 Posted : Friday, December 18, 2015 10:34:17 PM(UTC)
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 5,374

Thanks: 705 times
Was thanked: 878 time(s) in 835 post(s)
Hi,

Thanks for sharing this.

It's things like this that really ruffle my feathers ...

This is a false positive caused by a bad scanning tool. You can confirm this by using the online scanner at https://www.virustotal.com, which runs the file through 53 other scanners and reports it as clear.

I'm currently reviewing to see what options I have for convincing McAfee that their scanner is wrong, but I expect this will involve layers of bureaucracy and may take some time.

Have you tried installing the product manually via ZIP?
1 user thanked Remco for this useful post.
ThatGuyDuncan on 12/19/2015(UTC)
Remco
#4 Posted : Saturday, December 19, 2015 12:30:40 AM(UTC)
I've made a submission to McAfee's detection dispute service. Apparently this takes 4-6 weeks before they consider the submission. I've also submitted the installed files through their false positive submission system. As a software author, this is unfortunately the limit of what I'm able to do. I recommend seeing what options you may have available for excluding the install files from the proxy or if there are other options for you to report the false positive as a McAfee customer.
ThatGuyDuncan
#5 Posted : Saturday, December 19, 2015 4:53:17 AM(UTC)
I purchased the license personally, though I use it at work. Since it's not part of the standard image, I'm pretty sure my employer will do nothing to assist. Your suggestion to use the .zip instead sounds sound (I'm kinda cheesed I didn't think of it myself), so I'll try that on Monday. Thanks!
ThatGuyDuncan
#6 Posted : Monday, December 21, 2015 4:20:47 PM(UTC)
.zip is blocked too.

>>>sigh<<<
Remco
#7 Posted : Monday, December 21, 2015 11:09:55 PM(UTC)
ThatGuyDuncan;8156 wrote:
.zip is blocked too.

>>>sigh<<<


Sorry, I've done all I can from my side :(
ThatGuyDuncan
#8 Posted : Tuesday, March 29, 2016 3:18:41 PM(UTC)
Here we go again...

Malware Detected
The transferred file contained a virus and was therefore blocked.
URL: http://downloads.ncrunch...unch_VS2015_2.20.0.4.msi
Media Type: application/executable, application/dotnet-assembly
Virus Name: McAfeeGW: BehavesLike.Win32.BackdoorNJRat.lm

Any chance you could upload a .7z version?
Remco
#9 Posted : Tuesday, March 29, 2016 10:18:48 PM(UTC)
1 user thanked Remco for this useful post.
ThatGuyDuncan on 4/1/2016(UTC)
ThatGuyDuncan
#10 Posted : Friday, April 1, 2016 2:56:38 PM(UTC)


[AustinPowersVoice]
Yeah baby!
[/AustinPowersVoice]
1 user thanked ThatGuyDuncan for this useful post.
Remco on 4/1/2016(UTC)
gquerol
#12 Posted : Friday, September 16, 2016 4:06:03 PM(UTC)
Rank: Newbie

Groups: Registered
Joined: 9/16/2016(UTC)
Posts: 2
Location: France

Hello,

I'm sorry to revive that thread, but newer versions are also detected as malware by McAfee, with a very slow and random process of whitelisting.

Could you please provide and automate for the future a 7z package for all the regular downloads? (setup, raw files, node and licence server)

This would really be appreciated.

Best regards,

Remco
#13 Posted : Friday, September 16, 2016 11:52:19 PM(UTC)
I'll see what I can do. Can you confirm which version of VS you are using?
gquerol
#14 Posted : Monday, September 19, 2016 7:58:51 AM(UTC)

Hello Remco,

We're using Visual Studio 2015.

Thanks!
Remco
#15 Posted : Monday, September 19, 2016 11:51:22 AM(UTC)
jschreuder
#16 Posted : Sunday, February 5, 2017 10:17:34 PM(UTC)
Rank: Member

Groups: Registered
Joined: 10/5/2015(UTC)
Posts: 25
Location: Australia

Thanks: 6 times
Was thanked: 5 time(s) in 5 post(s)
Hi Remco, sorry to drag up this old topic, but got a new false positive from Symantec this time.

https://i.imgur.com/dT5WNB5.png

https://www.symantec.com...ocid=2010-081603-3136-99

Anything I can do to help you get off the watchlist?
Remco
#17 Posted : Sunday, February 5, 2017 11:08:30 PM(UTC)
Hi, thanks for the heads up on this one.

You can submit a false positive report to Symantec from here - https://submit.symantec.com/false_positive/.
jschreuder
#18 Posted : Sunday, February 5, 2017 11:46:53 PM(UTC)
Remco;9776 wrote:
Hi, thanks for the heads up on this one.

You can submit a false positive report to Symantec from here - https://submit.symantec.com/false_positive/.


Done.

Interestingly, I have the 2015 version installed as well, and only the 2017 AppContainer.exe tripped the detection.
Remco
#19 Posted : Sunday, February 5, 2017 11:50:55 PM(UTC)
jschreuder;9777 wrote:
Remco;9776 wrote:
Hi, thanks for the heads up on this one.

You can submit a false positive report to Symantec from here - https://submit.symantec.com/false_positive/.


Done.

Interestingly, I have the 2015 version installed as well, and only the 2017 AppContainer.exe tripped the detection.


Thanks!

That's very interesting. The AppContainer.exe files are identical between installations of NCrunch. These files actually haven't changed since the Windows Store integration was introduced several years ago. If you aren't using the old Windows Store integration, you could probably even delete them.
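
One way to check the statement in post #19 that the AppContainer.exe files are identical between installations, as an added example that is not part of the thread and not NCrunch's own code: hash the executables in two install directories and report which ones match. The directory names and the files `Engine.exe` and `Extra.exe` are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def hash_tree(root, pattern="*.exe"):
    """Map lower-cased relative path -> SHA-256 for every matching file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): sha256_file(p)
            for p in sorted(root.rglob(pattern)) if p.is_file()}

def compare_installs(dir_a, dir_b, pattern="*.exe"):
    """Classify files as identical, differing, or present in only one tree."""
    a, b = hash_tree(dir_a, pattern), hash_tree(dir_b, pattern)
    common = a.keys() & b.keys()
    return {
        "identical": sorted(n for n in common if a[n] == b[n]),
        "differing": sorted(n for n in common if a[n] != b[n]),
        "only_a": sorted(a.keys() - b.keys()),
        "only_b": sorted(b.keys() - a.keys()),
    }

def demo():
    """Constructed sample: two fake install trees with placeholder file contents."""
    with tempfile.TemporaryDirectory() as tmp:
        a, b = Path(tmp, "install_2015"), Path(tmp, "install_2017")
        for d in (a, b):
            d.mkdir()
            (d / "AppContainer.exe").write_bytes(b"constructed placeholder bytes")
        (a / "Engine.exe").write_bytes(b"build A")   # hypothetical file name
        (b / "Engine.exe").write_bytes(b"build B")
        (b / "Extra.exe").write_bytes(b"new in B")   # hypothetical file name
        return compare_installs(a, b)

if __name__ == "__main__":
    for bucket, names in demo().items():
        print(f"{bucket}: {names}")
```

If the flagged copy lands in the `identical` bucket alongside the unflagged one, the two verdicts cannot be explained by a difference in the file's content.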
ThatGuyDuncan
#20 Posted : Tuesday, July 3, 2018 8:59:50 PM(UTC)
Good news! I was able to download and install today without using my mobile phone as a hot-spot. First time ever -- Yay! :)
1 user thanked ThatGuyDuncan for this useful post.
Remco on 7/3/2018(UTC)