Windows Defender and openmsx beta builds

Page 3/3
1 | 2 |

By Manuel

Ascended (16158)

08-03-2020, 22:52

sdsnatcher73 - thanks for the effort, I'll try to discuss with the team and see what we'll do. It definitely looks interesting. I had no idea this was offered on GitHub.

By zeilemaker54

Champion (259)

09-03-2020, 16:52

I have this problem too with my own builds from the openmsx git repository using Visual Studio 2019.
I did scan the executable online. Only Defender reports it as malware. So I did report this issue to Microsoft by uploading the executable. They already confirmed there was no malware, so it must be due to bad detection logic in Windows Defender.

By Manuel

Ascended (16158)

09-03-2020, 21:49

Great, thanks for that!

By FiXato

Scribe (1555)

12-03-2020, 04:02

The Virus Total scan results are a bit weird as well...
Compare the results for openmsx.fixato.net/builds/windows/x86/openmsx-0.15.0-208-g043790ecd-windows-vc-x86-bin-msi.zip which shows no malicious content detected, to:
results for the exact same openmsx-0.15.0-208-g043790ecd-windows-vc-x86-bin-msi.zip file, uploaded straight from the same server which shows 3 detections: Antiy-AVL: Trojan/Win32.Wacatac, Microsoft: PUA:Win32/Presenoker and Rising: Trojan.Generic@ML.100 (RDML:n8f3N4rzBvN91QqMJCHIOg)

If you compare the Body SHA256 sum of the first, to that of the file, you'll see that they are both the same, and thus the exact same file:
f468317b5732585f9127001d16ddd50134ebf90da9464d8d864389e6ff7fbb5b

So, why is it detected in the direct file upload, but not in the url download?

Edit:

Hmm, I guess a URL scan is not actually also scanning the actual file then? The URL results also don't seem to include Microsoft Defender in the list of engines. That kinda makes the Virus Total URL scan results I added to the openMSX dev builds download lists kinda pointless.
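
Added example, not part of the original post or of openMSX: a sketch of why the two results in the post above can differ. A VirusTotal file report is keyed by the SHA-256 of the content, while a URL report is keyed by the URL string, so a build list that wants file-engine verdicts should link the hash-keyed report. It assumes the VirusTotal API v3 paths `/files/{id}` and `/urls/{id}`; the sample bytes and URL are constructed.

```python
import base64
import hashlib
import hmac
import io

VT_API = "https://www.virustotal.com/api/v3"  # requests need an x-apikey header

def sha256_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so large installers are not loaded whole."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def same_file(stream, published_sha256):
    """True if the stream's content matches the published SHA-256 (case-insensitive)."""
    return hmac.compare_digest(sha256_stream(stream), published_sha256.strip().lower())

def vt_file_report(sha256_hex):
    """File object: identified by content hash, carries the per-engine file verdicts."""
    return f"{VT_API}/files/{sha256_hex.strip().lower()}"

def vt_url_report(url):
    """URL object: identified by unpadded URL-safe base64 of the URL string itself."""
    url_id = base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")
    return f"{VT_API}/urls/{url_id}"

def report_links(stream, url):
    """Return both lookups for one published build: content-keyed and URL-keyed."""
    return {"file": vt_file_report(sha256_stream(stream)), "url": vt_url_report(url)}

if __name__ == "__main__":
    # Constructed stand-ins for a downloaded build and its download location.
    build_bytes = b"abc"
    build_url = "https://builds.example.invalid/openmsx-dev-build.zip"
    links = report_links(io.BytesIO(build_bytes), build_url)
    print("file report:", links["file"])  # changes whenever the content changes
    print("url report: ", links["url"])   # stays the same if the file is replaced
    published = "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD"
    print("matches published hash:", same_file(io.BytesIO(build_bytes), published))
```
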
