Shop OBEX P1 Docs P2 Docs Learn Events
spin2gui 1.3.3 and the other gui's my antivirus programs are interfereing — Parallax Forums

spin2gui 1.3.3 and the other gui's my antivirus programs are interfereing

pilot0315pilot0315 Posts: 910
in Propeller 2
FYI AVG AND AVAST DO NOT LIKE THESE GUI'S any ideas. I have uninstalled and cleaned registries and trying again.

Comments

  • KMyersKMyers Posts: 433
    Malware Byte also dont like them.
  • RaymanRayman Posts: 14,646
    edited 2019-01-09 18:53
    I have a problem too on my work pc... Tried to download loadp2.exe and it appeared to work, but when I tried to run it, the computer erased the file!

    I think I can get around by copying to thumbdrive or iCloud. Just can't download and run...

    I can override at home....

    Might have to get tools digitally signed eventually...
  • cheezuscheezus Posts: 298
    This is a problem I've had as well. Windows defender flagged the loadp2.exe as Hacktool:Win32/Keygen . I was able to allow the file fairly easily (it was 4am so I don't quite remember how.) Hopefully if you go to your antivirus program you should be able to find in a quarantine and allow? A quick google search should help for home users. Work pcs and educational environments are going to be trickier. Again, you should be able to tell your antivirus software (at home) that this is NOT a virus. Check your antivirus software!
  • msrobotsmsrobots Posts: 3,709
    I have this problem a lot since I besides COBOL and C# (VS studio) also program in pure assembler with FASM.

    And all the AV software out there does not like software it hasn't seen yet. I don't have that problem with VS, but VS is signing my projects. The assembler generated files, even if just using standard windows API calls are considered as DANGEROUS.

    It is sometimes comical, when you forget to exclude your new FASM project from AVAST. You compile your executable, you see it in the directory, you start it and its already gone.



    Enjoy!

    Mike
  • Buck RogersBuck Rogers Posts: 2,185
    Hello!
    I've had that problem with other stuff, as applied to releases of NAV, which I've paid for even. It would see something that it didn't like and promptly snatch it and send it off to quarantine. And from there I'd tell the program to send it back and ignore it.

    Incidentally those things you're seeing are false positives.

    The majority of AV programs are capable of being told to ignore stuff and that might be possible regarding the ones you all have described. I know it is available from Norton.
    ----
    Now this one is sponsored by Perry Mason Attorney at Law and Paul Drake Private Detective.
  • ersmithersmith Posts: 6,053
    pilot0315 wrote: »
    FYI AVG AND AVAST DO NOT LIKE THESE GUI'S any ideas. I have uninstalled and cleaned registries and trying again.

    What error messages are you getting, exactly? And what "other GUIs" do you mean? Does it apply to all versions of spin2gui?

    I compile spin2gui.exe myself on a Linux machine, so it's highly unlikely that it's infected with a Windows virus.
  • pilot0315pilot0315 Posts: 910
    I guess that they are false positives . How to fix???????
    AVG and Avast say that the spin2gui is malicious software?
  • Buck RogersBuck Rogers Posts: 2,185
    pilot0315 wrote: »
    I guess that they are false positives . How to fix???????
    AVG and Avast say that the spin2gui is malicious software?

    And that is because these freely available anti-virus programs do not recognize an example of freely available software. Now what are you seeing? Simply tell the program to ignore them.
  • cheezuscheezus Posts: 298
    The problem is "loadP2.exe" being detected as a 'keygen' by the heuristic virus detection in modern antiviruses. I'm guessing because it accesses the com ports and because it's not signed my M$? Looking at the windows defender entry I get ;
    https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool:Win32/Keygen


    "Malware is often installed along with this tool." So not even that there's a detection with the file, but it's the type of file that maleware is often installed WITH.
  • Buck RogersBuck Rogers Posts: 2,185
    cheezus wrote: »
    The problem is "loadP2.exe" being detected as a 'keygen' by the heuristic virus detection in modern antiviruses. I'm guessing because it accesses the com ports and because it's not signed my M$? Looking at the windows defender entry I get ;
    https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool:Win32/Keygen


    "Malware is often installed along with this tool." So not even that there's a detection with the file, but it's the type of file that maleware is often installed WITH.

    Well yeah that will work. It's one of two reasons why I disregard everything about Windows Defender. And what malware is it thinking of?
  • cheezuscheezus Posts: 298
    Buck Rogers wrote: »
    cheezus wrote: »
    The problem is "loadP2.exe" being detected as a 'keygen' by the heuristic virus detection in modern antiviruses. I'm guessing because it accesses the com ports and because it's not signed my M$? Looking at the windows defender entry I get ;
    https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool:Win32/Keygen


    "Malware is often installed along with this tool." So not even that there's a detection with the file, but it's the type of file that maleware is often installed WITH.

    Well yeah that will work. It's one of two reasons why I disregard everything about Windows Defender. And what malware is it thinking of?

    It's not just windows defender, it's a common antivirus signature. Again, I believe it's because of the way it accesses hardware (com port) and because it's not digitally signed. The file detection type for windows defender is "HackTool:Win32/Keygen". I'll try to see if I can get Malwarebytes info as well.
  • potatoheadpotatohead Posts: 10,261
    edited 2019-01-11 16:54
    I have just set a directory to be ignored in the past.

    Doing that can work pretty well.
  • MIchael_MichalskiMIchael_Michalski Posts: 138
    edited 2019-01-11 19:18
    Have you reported it to the antivirus companies. They cant fix it if they dont know. Send your antivirus company a copy of the file and an explanation of the issue. If they ignore you, maybe someone from parallax could send the emails out to the big AV vendors. "your AV software is registering a false positive on our P2Loader software" or some such.
  • ersmithersmith Posts: 6,053
    Is this complaint about loadp2.exe something new, that just started with spin2gui 1.3.3, or does it happen with earlier versions of spin2gui too?

    I changed the compiler I used (upgraded debian), so that might have some influence on the output binary. I *highly* doubt that there's a virus (as I said, I cross-compile on Linux to produce the Windows binary) but perhaps using the older compiler version might remove the false positive?
  • Buck RogersBuck Rogers Posts: 2,185
    edited 2019-01-12 02:01
    And I agree with you both. When it comes to software that NAV isn't thrilled with, that was written by all of you, I would indeed do that as I described before.

    Which was retrieve the program from the quarantine place, and mark it to be ignored by NAV.

    The big question remains is one of why are the freely available ones behaving stranger then usual.

    However, what methods were used to create these binaries? I know its a case of special magic used for cross compiling, but there are methods, and there are of course methods. (And I almost forgot!)
    __
    And this message was brought to you by the numbers 0 and 1, and then sponsored by the management snakes of the Mojave Desert. And the bob cats.
  • cheezuscheezus Posts: 298
    edited 2019-01-12 04:15
    ersmith wrote: »
    Is this complaint about loadp2.exe something new, that just started with spin2gui 1.3.3, or does it happen with earlier versions of spin2gui too?

    I changed the compiler I used (upgraded debian), so that might have some influence on the output binary. I *highly* doubt that there's a virus (as I said, I cross-compile on Linux to produce the Windows binary) but perhaps using the older compiler version might remove the false positive?

    I'm fairly new to spin2gui personally, I think 1.3.0 was my first DL. If you want to point me a link to a pre-upgrade distribution I'll take a look. I can run that through a full test, as well as the current version to find out what detections are created by what software.

    *edit

    Just checked 1.3.3 with TrendMicro housecall (my goto) and there's no detection.
  • RaymanRayman Posts: 14,646
    I don't think there's a real virus here, just rare software...
  • cheezuscheezus Posts: 298
    Rayman wrote: »
    I don't think there's a real virus here, just rare software...


    I'm 150% sure there's no virus. But for others who are more cautious or less knowledgeable this could be a big gotcha. Imagine you know nothing of computers and you see that message, or better yet, you use the computer after your kid (or grandkids) and get a notification from their antivirus... So they call their computer "rip off place" and end up getting charged a couple hundred bucks for nothing. Okay, maybe not the most likely scenario but you can see how this could cause problems. I only offer to do testing to free up others who are way more productive with the new chip than I am.
  • Buck RogersBuck Rogers Posts: 2,185
    Rayman wrote: »
    I don't think there's a real virus here, just rare software...

    I agree. Definitely jazz software at work. But why is there a big domestic sitting next to you offering witty comments?



    --
    And this message is sponsored by the Paul Drake Detective agency, in the Brent Building in LA.
  • pilot0315pilot0315 Posts: 910
    Deleted all antiviral and associated registries. Relaunched and put in exceptions. Still get scanned. Waiting for results.
    Thanks to all
  • pilot0315pilot0315 Posts: 910
    I think the above worked.
Sign In or Register to comment.