Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

NCrunch.AppContainer.exe flagged as Trojan:Win32/Bluteal.B!rfn
shellicar
#1 Posted : Thursday, June 21, 2018 11:37:17 PM(UTC)
Rank: Newbie

Groups: Registered
Joined: 5/25/2018(UTC)
Posts: 7
Location: Australia

Thanks: 1 times
Was thanked: 2 time(s) in 2 post(s)
A virus scan for my organisation flagged one of the NCrunch files.

The following has the pertinent information from the report.

Quote:
System Center Endpoint Protection has detected malware on one or more computers in your organization

Malware Name: Trojan:Win32/Bluteal.B!rfn Number of infections: 1 Last detection time(UTC time): 6/21/2018 2:00:01 PM

Detection time(UTC time): 6/21/2018 2:00:01 PM Malware file path: file:_C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\Extensions\Remco Software\NCrunch for Visual Studio 2017\NCrunch.AppContainer.exe Remediation action: Quarantine Action status: Succeeded
Remco
#2 Posted : Thursday, June 21, 2018 11:45:35 PM(UTC)
Rank: NCrunch Developer

Groups: Administrators
Joined: 4/16/2011(UTC)
Posts: 7,161

Thanks: 964 times
Was thanked: 1296 time(s) in 1202 post(s)
Hi, thanks for sharing this.

You have my assurance that NCrunch does not contain a virus. This is a false positive.

If you like, you can check the results of online services that are able to push the file through a range of different scanners. Virus Total has quite a good one that allows you to scan a file without downloading it.

As a vendor, there is unfortunately very little I can do about false positives. It isn't possible to design a product around virus scanner detection systems, and because NCrunch does a range of things that a scanner would consider suspect (starting processes, manipulating DLLs and PDBs), there will always be a high occurrence of false positives when scanning it.

The NCrunch.AppContainer.exe process is only used by NCrunch when running tests over legacy Windows Store applications. Assuming you're not developing in such a scenario, NCrunch should work fine without this file.
shellicar
#3 Posted : Thursday, June 21, 2018 11:49:06 PM(UTC)
Rank: Newbie

Groups: Registered
Joined: 5/25/2018(UTC)
Posts: 7
Location: Australia

Thanks: 1 times
Was thanked: 2 time(s) in 2 post(s)
Thanks for the swift reply.

That's what I thought based on other assemblies being flagged with the same heuristic.

Good to know that I can use it without that file.
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

YAF | YAF © 2003-2011, Yet Another Forum.NET
This page was generated in 0.025 seconds.
Trial NCrunch
Take NCrunch for a spin
Do your fingers a favour and supercharge your testing workflow
Free Download