Web forum is in read-only mode. Login as active registered customer for write access
  Forum Search   New Posts New Posts

Last FlexCel VCL Flagged As A Trojan...

 Post Reply Post Reply
Author
Maughan Steve View Drop Down
Senior Member
Senior Member
Avatar

Joined: 06 Sep 2011
Posts: 129
Post Options Post Options   Quote Maughan Steve Quote  Post ReplyReply Direct Link To This Post Topic: Last FlexCel VCL Flagged As A Trojan...
    Posted: 10 May 2019 at 7:57pm
Hi,

I'm setting up a new machine after a catastrophic hard-drive failure. I tried to download the TMS components. Most were OK but the latest VCL version of FlexCel was flagged by Windows Defender as containing a Trojan virus.I assume this is a false positive but I thought I'd let you know.

Also, I've now changed to Panda Security and cannot download the setup due to the 1 download per day policy. Any chance you can give send me another link or reset the count?

Thanks,

Steve
Back to Top
Bruno Fierens View Drop Down
TMS Support
TMS Support
Avatar

Joined: 11 May 2010
Posts: 8060
Post Options Post Options   Quote Bruno Fierens Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 9:14pm
The issue with Defender must be a false positive. Unfortunately, these incorrect detections by Defender happend before and apparently keep happening.

We did reset the download counter, so you should be able to download again.
Back to Top
Adrian Gallero View Drop Down
TMS Support
TMS Support
Avatar

Joined: 18 May 2010
Posts: 1233
Post Options Post Options   Quote Adrian Gallero Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 9:21pm
This is strange: we've had 2 other users reporting of Windows defender flagging it as a trojan (Foretype.A!ml)., but we couldn't see it in any of our machines, and it is not widespread or we would have thousands of reports from users by now. 

 We've checked the version of the virus definition files with the machines that had the problem, and they were the same version, so I don't know why defender is acting differently in some machines. In fact, those users could get the download by using a different machine with similar settings.
 
For what it is worth, Iíve googled the specific virus warning (I am not sure if it is the same you got), and it seems to be a false positive related to the innosetup installer:

And looking at history, this specific warning does pop up from time to time (we had also another report in 2018 from the FlexCel .NET setup). As there is little in common between the binaries in FlexCel VCL and FlexCel .NET, it is likely that this is indeed related to the innosetup installer which is shared by both. I still don't know why some machines show the warning and most don't.

While we know it is a false positive, you can never be too paranoid in this stuff, so we uploaded the setup to virustotal, and you can see the results here:

As you can see in the list, "Microsoft" shows as clean in virustotal, but not on some machines like yours. In the "Details" tag in that page you can see the SHA1 of the file we uploaded. Just to be 100% sure, when you get the latest version, you can check that the SHA1 is the same, or upload it yourself to virustotal.

About resetting the download count, well, before posting I had to reload the page, and now I see Bruno already did that :)
Back to Top
Maughan Steve View Drop Down
Senior Member
Senior Member
Avatar

Joined: 06 Sep 2011
Posts: 129
Post Options Post Options   Quote Maughan Steve Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 9:23pm
Thanks for the reset - installing as I type!

Steve
Back to Top
Kovacs Attila View Drop Down
New Member
New Member
Avatar

Joined: 19 Aug 2016
Posts: 9
Post Options Post Options   Quote Kovacs Attila Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 10:24pm
Same here. How did you go over the defender?
Back to Top
Maughan Steve View Drop Down
Senior Member
Senior Member
Avatar

Joined: 06 Sep 2011
Posts: 129
Post Options Post Options   Quote Maughan Steve Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 10:56pm
Installed Panda Security which disabled Windows Defender

Steve
Back to Top
Adrian Gallero View Drop Down
TMS Support
TMS Support
Avatar

Joined: 18 May 2010
Posts: 1233
Post Options Post Options   Quote Adrian Gallero Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 11:45pm
I think that besides installing a different av, you should be able to temporarily disable the real-time av protection:


Back to Top
Kovacs Attila View Drop Down
New Member
New Member
Avatar

Joined: 19 Aug 2016
Posts: 9
Post Options Post Options   Quote Kovacs Attila Quote  Post ReplyReply Direct Link To This Post Posted: 12 May 2019 at 10:04pm
Thx again Adrian, worked.
Any chance that MS fix its virus signatures?
Back to Top
Adrian Gallero View Drop Down
TMS Support
TMS Support
Avatar

Joined: 18 May 2010
Posts: 1233
Post Options Post Options   Quote Adrian Gallero Quote  Post ReplyReply Direct Link To This Post Posted: 13 May 2019 at 10:42pm
> ny chance that MS fix its virus signatures?

I don't really know, it is not on us. The strange part is that I don't see it here in a full up to date Win10 machine, and most customers don't see it either (or we would be flooded with support mails about it), but some users, with apparently the same Windows settings are seeing it. So I am not really sure on how it can be different in 2 machines with the same Windows installed.
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down