Propeller Tools Windows download page was blocked by anti-virus
MacTuxLin
Posts: 821
in Propeller 1
I was trying to download the latest Propeller Tool Software for Windows (Spin & Assembly) on this site and Avast warned me this. Is there another link I could download?
900 x 925 - 55K
Comments
I agree with the gentleman wearing an odd hat and near a place started by a grouchy chap named Teller. Yes you can do all of that. I'm surprised that Avast would be that peculiar.
I'm on Windows 10 Pro 64-bit using Avast secure browser. Guess it just overly securing the users...
Anyway, downloaded on my Linux box, transferred to my Windows machine & install .... then Avast stopped me again with this what "FileRepMalware". Should I be concern or just ignore Avast?
Avast reports a lot of things as false positives. Tell the product that it's indeed a false positive and do what you need to.
I'm using the Work PC. And clicked to download PropTool from *NEW* website.
Did not get the same warning downloading fro old website...
Here's the exact message I sent them via their online form:
Customers report AVG blocked our software download page in browser due to URL:Blacklist. We've rechecked our software via VirusTotal and see no cause for real concern: 1) Main executable in our installer: https://www.virustotal.com/gui/file/2161d88e19734b631801c88a2e497882bff43baf4a5765de65b72b02b449fe14/detection 2) Installer package: https://www.virustotal.com/gui/file/36f2faf8787ba9abf6d4b2d164a5cb98ce930e7917e604375ae86a2824accdda/detection Please advise.
I gave them this URL to check related to this: https://www.parallax.com/package/propeller-tool-software-for-windows-spin-assembly-2/
I'll await their official response after analysis via email.
I'm still wondering why Avast would allow that to happen. We may never really know.
Most antimalware systems now rely heavily on a profiling, heuristic, and reputation approach to try to stop new/undiscovered attacks sooner. Unfortunately, there's always collateral damage - it's kind of a guilty-until-proven-innocent kind of technique. If software/sites exhibit behaviors that happen to be similar to behaviors in previously known-malicious systems, it's flagged and blocked. For example, if the software is new, it's SHA hash hasn't been seen in the wild and so it doesn't have any reputation yet - that's "suspicious." This approach seems to extend to the executable binary's look-and-feel as well, causing false-positives sometimes from the simple use of a particular compiler, library, and installer system/techniques, etc., that happened to be used in known-malware, even if the relationship is a loose one. Some of this is conjecture: I haven't read any direct, authoritative commentary on that particular thing, but it's what all the research and indirect evidence I've come across seems to point to.
Regarding the latter, I think we have prevented many future false-positives based on our efforts a few months ago to submit false-positive requests-for-review with leading antimalware systems, and seen their action in confirming it was false and updating their databases. It appears that many systems rely on a common malware database too, as I've seen exact or similarly-named "detections" from different systems on the same source, and once I confirmed false-positive through the biggest/widely-used antimalware system of that group, the rest automatically stopped falsely triggering within hours/days. It was amazing, and I was very thankful, to see that happen.
By the way: I'm not faulting or complaining about the antimalware strategy, I haven't thought of a better protection mechanism, but it sure makes for an uphill battle for all the innocents. Even Apple's new centralized pre-scan + GateKeeper system in macOS Catalina+ (which I thought was both fantastic and also a pain the butt) has been thwarted by deviant minds.
IDK how anyone but the Suits™ at Apple thinks that's a good system - it's right in the name, it literally gatekeeps what software someone without the knowledge or ability to turn it off can run based on whether the devloper gave Apple fat stacks of cash for literally nothing.
Hello!
Frank which one are you thinking of? And @"Jeff Martin" every time on the new site I try to go to downloads for the Prop 1, Chrome gives me a difficult to parse error message. Something about too many redirects. (It then wanted me to clear my cookies on it.) I did that, and it still happened. On the old site I saw the same version of the P1 tool, and the ones aimed towards the P2 designs.