GAMADV-XTD3 6.06.09 / 6.06.08 (possibly others) beeing detected as Virus/Trojan.GenericKDZ.76525 and 5.35.08 version clean

168 views
Skip to first unread message

Wilson Jung

unread,
Jul 26, 2021, 1:09:59 PM7/26/21
to GAM for Google Workspace
I tryed to install GAMADV-XTD3 versions 6.06.09 and 6.06.08 in a computer with Bitdefender Solution using the .msi file, but the antivirus blocked gam.exe file throwing the message: 
EPConsole_97yY78VEXC.png

Thinking about a possible false-positive, then I installed the 5.35.08 version using a .msi file too and the Bitdefender Antivirus didn't catch any malware. The installation and usage was successful.

Is there any chance of the versions 6.06.09, 6.06.08 and others maybe are infeccted by a malware?

Regards,

Wilson

Brian Kim

unread,
Jul 26, 2021, 4:57:15 PM7/26/21
to GAM for Google Workspace
Most likely a false positive because of pyinstaller. Not sure about about 5.35.08. Someone could have reported false positive before.

Matthew Weiner

unread,
Jul 27, 2021, 2:45:28 PM7/27/21
to GAM for Google Workspace
I'm seeing it as well, I reported it in as a false positive to BitDefender and they removed it in the latest defintion updates.  According to VirusTotal about a dozen AV vendors were flagging it recently.

Wilson Jung

unread,
Jul 29, 2021, 1:26:11 PM7/29/21
to GAM for Google Workspace
Hum, ok... however I think both version are generated using pyinstaller, so both should be caught by AV. Strange thing, isn't it? Maybe some new code...
But anyway, thank you!

Ross Scroggs

unread,
Jul 29, 2021, 1:30:18 PM7/29/21
to google-ap...@googlegroups.com
Wilson,

The version of pyinstaller that GAM uses is always being updated, so the AV people may not have flagged all versions.

Ross

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/82731a72-36f4-4f63-a4a5-1ec79c9c7cb8n%40googlegroups.com.


--

Wilson Jung

unread,
Aug 11, 2021, 8:39:43 AM8/11/21
to GAM for Google Workspace
Thank you, Ross! Now, I think I got it. 

Best Regards!

Wilson

Allan Johnson

unread,
Feb 10, 2022, 3:02:48 PM2/10/22
to GAM for Google Workspace
Good afternoon,
  • I downloaded gamadv-xtd-6.15.14-windows-x86_64.msi
  • uploaded it to my Google Drive
  • logged into the machine we are running GAM on
  • logged into my Google account
  • Downloaded the .MSI file
Google popped up a window that stated "gamadv-xtd-6.15.14-windows-x86_64.msi" is infected with a virus. This file might harm your computer, so only download this file if you understand the risks.

Is this file safe? Why is Google flagging it?

Thanks,

Allan

Ross Scroggs

unread,
Feb 10, 2022, 3:26:24 PM2/10/22
to google-ap...@googlegroups.com
Allan,
Executables created with pyinstaller get flagged because the bad guys create bad programs with pyinstaller; therefore every program built this way is labelled as suspect. The gam.exe inside the .MSI file is getting flagged.

Ross





--

Allan Johnson

unread,
Feb 11, 2022, 10:00:31 AM2/11/22
to GAM for Google Workspace
Hi Ross,

Thanks so much for your reply. I appreciate it!

-Allan

Reply all
Reply to author
Forward
0 new messages