Windows 10 claims trojan Win32/Vigorf.A is present in rubyinstaller-devkit-2.4.4-2-x64.exe
5,600 views
Skip to first unread message
Jason
Jun 27, 2018, 12:43:14 PM6/27/18
to RubyInstaller
Using Windows 10 Pro, up to date:
Version 10.0.17134 Build 17134
When attempting to download the following file using Chrome, as linked in https://rubyinstaller.org/downloads/ :
...Windows Defender quarantines the file, claiming the trojan Win32/Vigorf.A is present. I assume this is a false positive, but haven't risked installing it anyway.
I have attached a screenshot of the warning.
entro...@gmail.com
Jun 29, 2018, 3:36:48 AM6/29/18
to RubyInstaller
I also have this error. Win10 Pro as well.
Justin Baker
Jun 29, 2018, 2:32:10 PM6/29/18
to rubyin...@googlegroups.com
This happens from time to time.
With the devkit especially it's probably flagging some of the scripts.
With the latest Defender definitions it took about 5 minutes to scan but didn't warn me of any threats.
However, since the installer is so large it can't be submitted to the Windows Defender Team.
The only real alternative I can think of would be to sign the installer packages again, but it's a lot of work.
Luckily MYSYS2 is widely used and someone somewhere will probably tag the offending file as a false positive.
Anyway, sorry for the inconvenience. Hopefully this sheds some light on the problem though.
Justin
entro...@gmail.com
Jun 29, 2018, 5:06:05 PM6/29/18
to RubyInstaller
Thanks for that, I'll go ahead and whitelist the file now. Microsoft allows submission of files <50mb, I'll do a partial zip of it and upload it. Then explain in the description, asking them to whitelist all the products from rubyinstaller.
Lars Kanis
Jun 29, 2018, 5:33:46 PM6/29/18
to rubyin...@googlegroups.com, Justin Baker
Thank you Justin, I didn't know that this is a known problem. You even got a Microsoft representative! I updated this issue in github today: https://github.com/oneclick/rubyinstaller2/issues/120
Actually I was able to upload the 120Mbyte file to Microsoft. But in the it seems that the false positive has been fixed anyway in the meantime.
I'll try to re-introduce signatures to the executables, although I'm uncertain if it really helps against classification as malware. Do you have an evidence that this is related?
--
Kind Regards,
Lars
Actually I was able to upload the 120Mbyte file to Microsoft. But in the it seems that the false positive has been fixed anyway in the meantime.
I'll try to re-introduce signatures to the executables, although I'm uncertain if it really helps against classification as malware. Do you have an evidence that this is related?
--
Kind Regards,
Lars
Justin Baker
Jun 29, 2018, 7:16:42 PM6/29/18
to rubyin...@googlegroups.com
Hey Lars, there was a mention that digital signatures do help. They change the behavior of Defender.
There are is another mention a couple of comments down as well.
Hope that helps.
Justin
Reply all
Reply to author
Forward
0 new messages