
Last FlexCel VCL Flagged As A Trojan...

Printed From: TMS Software
Category: VCL Components
Forum Name: VCL / FMX Flexcel
URL: http://www.tmssoftware.com/site/forum/forum_posts.asp?TID=13406
Printed Date: 23 Oct 2019 at 12:13am


Topic: Last FlexCel VCL Flagged As A Trojan...
Posted By: Maughan Steve
Date Posted: 10 May 2019 at 7:57pm
Hi,

I'm setting up a new machine after a catastrophic hard-drive failure. I tried to download the TMS components. Most were OK but the latest VCL version of FlexCel was flagged by Windows Defender as containing a Trojan virus. I assume this is a false positive but I thought I'd let you know.

Also, I've now changed to Panda Security and cannot download the setup due to the 1 download per day policy. Any chance you can send me another link or reset the count?

Thanks,

Steve



Replies:
Posted By: Bruno Fierens
Date Posted: 10 May 2019 at 9:14pm
The issue with Defender must be a false positive. Unfortunately, these incorrect detections by Defender happened before and apparently keep happening.

We did reset the download counter, so you should be able to download again.


Posted By: Adrian Gallero
Date Posted: 10 May 2019 at 9:21pm
This is strange: we've had 2 other users reporting Windows Defender flagging it as a trojan (Foretype.A!ml), but we couldn't see it in any of our machines, and it is not widespread or we would have thousands of reports from users by now.

We've checked the version of the virus definition files with the machines that had the problem, and they were the same version, so I don't know why defender is acting differently in some machines. In fact, those users could get the download by using a different machine with similar settings.

For what it is worth, I've googled the specific virus warning (I am not sure if it is the same you got), and it seems to be a false positive related to the innosetup installer:
https://forum.vivaldi.net/topic/31365/solved-trojan-script-foretype-a-ml-after-installing-download-from-official-site-likely-false-alarm

And looking at history, this specific warning does pop up from time to time (we had also another report in 2018 from the FlexCel .NET setup). As there is little in common between the binaries in FlexCel VCL and FlexCel .NET, it is likely that this is indeed related to the innosetup installer which is shared by both. I still don't know why some machines show the warning and most don't.

While we know it is a false positive, you can never be too paranoid in this stuff, so we uploaded the setup to virustotal, and you can see the results here:
https://www.virustotal.com/gui/file/6046135a3466be599c6c35ea3a0217f6d373a5f3bab4c2b58a543de8362480bf/detection

As you can see in the list, "Microsoft" shows as clean in virustotal, but not on some machines like yours. In the "Details" tag in that page you can see the SHA1 of the file we uploaded. Just to be 100% sure, when you get the latest version, you can check that the SHA1 is the same, or upload it yourself to virustotal.

About resetting the download count, well, before posting I had to reload the page, and now I see Bruno already did that :)
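
The hash check suggested in the post above, as an added PowerShell example that is not part of the original thread or TMS's own tooling. It compares a downloaded installer against the SHA-256 embedded in the VirusTotal link posted above; the installer path and the function names are assumptions, and a SHA-1 copied from the VirusTotal page can be passed in as well.

```powershell
# Added example (not from the thread). Checks a downloaded installer against the
# SHA-256 embedded in a VirusTotal GUI link, and optionally against a SHA-1
# copied by hand from the VirusTotal page.
function Get-VirusTotalSha256 {
    param([Parameter(Mandatory)][string]$Url)
    # GUI links look like https://www.virustotal.com/gui/file/<64 hex chars>/detection
    if ($Url -match '/gui/file/([0-9a-f]{64})(/|$)') {
        return $Matches[1].ToLowerInvariant()
    }
    throw "No SHA-256 found in VirusTotal URL: $Url"
}

function Test-InstallerHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$VirusTotalUrl,
        [string]$ExpectedSha1   # optional
    )
    $expected256 = Get-VirusTotalSha256 -Url $VirusTotalUrl
    $actual256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    $actual1   = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash.ToLowerInvariant()

    $sha1Match = $null   # stays $null when no SHA-1 was supplied
    if ($ExpectedSha1) {
        $sha1Match = ($actual1 -eq $ExpectedSha1.Trim().ToLowerInvariant())
    }
    [pscustomobject]@{
        Path        = (Resolve-Path -LiteralPath $Path).Path
        Sha256      = $actual256
        Sha256Match = ($actual256 -eq $expected256)
        Sha1        = $actual1
        Sha1Match   = $sha1Match
    }
}

# URL as posted in the thread; the installer path is a placeholder (assumption).
$vtUrl     = 'https://www.virustotal.com/gui/file/6046135a3466be599c6c35ea3a0217f6d373a5f3bab4c2b58a543de8362480bf/detection'
$installer = '.\flexcel-setup-PLACEHOLDER.exe'

if (Test-Path -LiteralPath $installer) {
    $result = Test-InstallerHash -Path $installer -VirusTotalUrl $vtUrl
    $result | Format-List
    if (-not $result.Sha256Match) {
        # A mismatch means this is not the exact file that was scanned: it may be a
        # different build, a truncated download, or a modified file.
        Write-Warning 'SHA-256 differs from the file scanned on VirusTotal; do not run it until explained.'
    }
} else {
    Write-Warning "Placeholder path not found: $installer"
}
```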


Posted By: Maughan Steve
Date Posted: 10 May 2019 at 9:23pm
Thanks for the reset - installing as I type!

Steve


Posted By: Kovacs Attila
Date Posted: 10 May 2019 at 10:24pm
Same here. How did you go over the defender?


Posted By: Maughan Steve
Date Posted: 10 May 2019 at 10:56pm
Installed Panda Security which disabled Windows Defender

Steve


Posted By: Adrian Gallero
Date Posted: 10 May 2019 at 11:45pm
I think that besides installing a different av, you should be able to temporarily disable the real-time av protection:

https://support.microsoft.com/en-au/help/4027187/windows-10-turn-off-antivirus-protection-windows-security



Posted By: Kovacs Attila
Date Posted: 12 May 2019 at 10:04pm
Thx again Adrian, worked.
Any chance that MS fix its virus signatures?


Posted By: Adrian Gallero
Date Posted: 13 May 2019 at 10:42pm
> Any chance that MS fix its virus signatures?

I don't really know, it is not on us. The strange part is that I don't see it here in a fully up-to-date Win10 machine, and most customers don't see it either (or we would be flooded with support mails about it), but some users, with apparently the same Windows settings, are seeing it. So I am not really sure how it can be different in 2 machines with the same Windows installed.


