Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error
Malware Detected ???
Options
Previous Topic Next Topic
ThatGuyDuncan
#1 Posted : Friday, December 18, 2015 3:18:27 PM(UTC)
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
I get the following message when attempting to download the latest version of NCrunch.

Quote:
Malware Detected
The transferred file contained a virus and was therefore blocked.
URL: http://downloads.ncrunch...nch_VS2015_2.19.0.4.msi
Media Type: application/executable, application/dotnet-assembly
Virus Name: McAfeeGW: BehavesLike.Win32.Suspicious.cm


It *looks* to my untrained eye like a heuristic match as opposed to a "real" match, but I leave that to the experts to determine. Please advise, thanks! D
Back to top
ThatGuyDuncan
#2 Posted : Friday, December 18, 2015 9:19:10 PM(UTC)
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
In case it wasn't obvious, the AV engine in use here is McAfee. It runs on our (proxy?) server and not my local machine, so I can't just turn it off. The McAfee instance blocks Free Download Manager from accessing the file as well.
Back to top
Remco
#3 Posted : Friday, December 18, 2015 10:34:17 PM(UTC)
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 6,976

Thanks: 931 times
Was thanked: 1257 time(s) in 1170 post(s)
Hi,

Thanks for sharing this.

It's things like this that really ruffle my feathers ...

This is a false positive caused by a bad scanning tool. You can confirm this by using the online scanner at https://www.virustotal.com, which runs the file through 53 other scanners and reports it as clear.

I'm currently reviewing to see what options I have for convincing McAfee that their scanner is wrong, but I expect this will involve layers of bureaucracy and may take some time.

Have you tried installing the product manually via ZIP?
Back to top
1 user thanked Remco for this useful post.
ThatGuyDuncan on 12/19/2015(UTC)
Remco
#4 Posted : Saturday, December 19, 2015 12:30:40 AM(UTC)
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 6,976

Thanks: 931 times
Was thanked: 1257 time(s) in 1170 post(s)
I've made a submission to McAfee's detection dispute service. Apparently this takes 4-6 weeks before they consider the submission. I've also submitted the installed files through their false positive submission system. As a software author, this is unfortunately the limit of what I'm able to do. I recommend seeing what options you may have available for excluding the install files from the proxy or if there are other options for you to report the false positive as a McAfee customer.
Back to top
 |  Edit by user
ThatGuyDuncan
#5 Posted : Saturday, December 19, 2015 4:53:17 AM(UTC)
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
I purchased the license personally, though I use it at work. Since it's not part of the standard image, I'm pretty sure my employer will do nothing to assist. Your suggestion to use the .zip instead sounds sound (I'm kinda cheesed I didn't think of it myself), so I'll try that on Monday. Thanks!
Back to top
ThatGuyDuncan
#6 Posted : Monday, December 21, 2015 4:20:47 PM(UTC)
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
.zip is blocked too.

>>>sigh<<<
Back to top
Remco
#7 Posted : Monday, December 21, 2015 11:09:55 PM(UTC)
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 6,976

Thanks: 931 times
Was thanked: 1257 time(s) in 1170 post(s)
ThatGuyDuncan;8156 wrote:
.zip is blocked too.

>>>sigh<<<


Sorry, I've done all I can from my side :(
Back to top
ThatGuyDuncan
#8 Posted : Tuesday, March 29, 2016 3:18:41 PM(UTC)
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
Here we go again...

Malware Detected
The transferred file contained a virus and was therefore blocked.
URL: http://downloads.ncrunch...nch_VS2015_2.20.0.4.msi
Media Type: application/executable, application/dotnet-assembly
Virus Name: McAfeeGW: BehavesLike.Win32.BackdoorNJRat.lm

Any chance you could upload a .7z version?
Back to top
 |  Edit by user
Remco
#9 Posted : Tuesday, March 29, 2016 10:18:48 PM(UTC)
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 6,976

Thanks: 931 times
Was thanked: 1257 time(s) in 1170 post(s)
Back to top
1 user thanked Remco for this useful post.
ThatGuyDuncan on 4/1/2016(UTC)
ThatGuyDuncan
#10 Posted : Friday, April 1, 2016 2:56:38 PM(UTC)
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
Remco;8500 wrote:
Try this one - http://downloads.ncrunch...h_VS2015_2.20.0.4.msi.7z


[AustinPowersVoice]
Yeah baby!
[/AustinPowersVoice]
Back to top
1 user thanked ThatGuyDuncan for this useful post.
Remco on 4/1/2016(UTC)
gquerol
#12 Posted : Friday, September 16, 2016 4:06:03 PM(UTC)
Rank: Newbie

Groups: Registered
Joined: 9/16/2016(UTC)
Posts: 2
Location: France
Hello,

I'm sorry to revive that thread, but newer versions are also detected as malware by mcaffee with a very slow and random process of whitelisting.

Could you please provide and automate for the future a 7z package for all the regular downloads ? (setup, raw files, node and licence server)

This would really be appreciated

Best regards,
Back to top
Remco
#13 Posted : Friday, September 16, 2016 11:52:19 PM(UTC)
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 6,976

Thanks: 931 times
Was thanked: 1257 time(s) in 1170 post(s)
I'll see what I can do. Can you confirm which version of VS you are using?
Back to top
gquerol
#14 Posted : Monday, September 19, 2016 7:58:51 AM(UTC)
Rank: Newbie

Groups: Registered
Joined: 9/16/2016(UTC)
Posts: 2
Location: France
Hello Remco,

We're using Visual studio 2015

Thanks !
Back to top
Remco
#15 Posted : Monday, September 19, 2016 11:51:22 AM(UTC)
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 6,976

Thanks: 931 times
Was thanked: 1257 time(s) in 1170 post(s)
Back to top
 |  Edit by user
jschreuder
#16 Posted : Sunday, February 5, 2017 10:17:34 PM(UTC)
Rank: Advanced Member

Groups: Registered
Joined: 10/5/2015(UTC)
Posts: 42
Location: Australia

Thanks: 14 times
Was thanked: 23 time(s) in 11 post(s)
Hi Remco, sorry to drag up this old topic, but got a new false positive from Symantec this time.

https://i.imgur.com/dT5WNB5.png

https://www.symantec.com...cid=2010-081603-3136-99

Anything I can do to help you get off the watchlist?
Back to top
 |  Edit by user
Remco
#17 Posted : Sunday, February 5, 2017 11:08:30 PM(UTC)
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 6,976

Thanks: 931 times
Was thanked: 1257 time(s) in 1170 post(s)
Hi, thanks for the heads up on this one.

You can submit a false positive report to Symantec from here - https://submit.symantec.com/false_positive/.
Back to top
jschreuder
#18 Posted : Sunday, February 5, 2017 11:46:53 PM(UTC)
Rank: Advanced Member

Groups: Registered
Joined: 10/5/2015(UTC)
Posts: 42
Location: Australia

Thanks: 14 times
Was thanked: 23 time(s) in 11 post(s)
Remco;9776 wrote:
Hi, thanks for the heads up on this one.

You can submit a false positive report to Symantec from here - https://submit.symantec.com/false_positive/.


Done.

Interestingly, I have the 2015 version installed as well, and only the 2017 AppContainer.exe tripped the detection.
Back to top
 |  Edit by user
Remco
#19 Posted : Sunday, February 5, 2017 11:50:55 PM(UTC)
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 6,976

Thanks: 931 times
Was thanked: 1257 time(s) in 1170 post(s)
jschreuder;9777 wrote:
Remco;9776 wrote:
Hi, thanks for the heads up on this one.

You can submit a false positive report to Symantec from here - https://submit.symantec.com/false_positive/.


Done.

Interestingly, I have the 2015 version installed as well, and only the 2017 AppContainer.exe tripped the detection.


Thanks!

That's very interesting. The AppContainer.exe files are identical between installations of NCrunch. These files actually haven't changed since the Windows Store integration was introduced several years ago. If you aren't using the old Windows Store integration, you could probably even delete them.
Back to top
ThatGuyDuncan
#20 Posted : Tuesday, July 3, 2018 8:59:50 PM(UTC)
Rank: Member

Groups: Registered
Joined: 5/31/2013(UTC)
Posts: 12
Location: Canada

Thanks: 2 times
Was thanked: 2 time(s) in 2 post(s)
Good news! I was able to download and install today without using my mobile phone as a hot-spot. First time ever -- Yay! :)
Back to top
1 user thanked ThatGuyDuncan for this useful post.
Remco on 7/3/2018(UTC)
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

YAF | YAF © 2003-2011, Yet Another Forum.NET
This page was generated in 0.093 seconds.
Trial NCrunch
Take NCrunch for a spin
Do your fingers a favour and supercharge your testing workflow
Free Download