CBMSTUFF FORUM
Cannot install SCP anymore, virus found - Printable Version

+- CBMSTUFF FORUM (https://www.cbmstuff.com/forum)
+-- Forum: CBMSTUFF PRODUCTS (https://www.cbmstuff.com/forum/forumdisplay.php?fid=1)
+--- Forum: SuperCard Pro (https://www.cbmstuff.com/forum/forumdisplay.php?fid=3)
+---- Forum: Installation and setup (https://www.cbmstuff.com/forum/forumdisplay.php?fid=5)
+---- Thread: Cannot install SCP anymore, virus found (/showthread.php?tid=728)

Pages: 1 2


Cannot install SCP anymore, virus found - Pitou - 06-19-2020

Hello,

Since yesterday with the Win10 2004 update, it seems Defender detects SCP as a trojan.

Can anyone confirm?

Thank you.

Pitou!


RE: Cannot install SCP anymore, virus found - admin - 06-19-2020

It's definitely not a virus. Smile What anti-virus are you using?


RE: Cannot install SCP anymore, virus found - hpp - 06-20-2020

I had the same issue when I installed the software yesterday.

If you go to Settings | Update & Security | Windows Security | Virus & threat protection | Protection history, you will probably find entries. There it is possible to allow the application to run. You will probably find that Windows has also quarantined the executable file from the C:\Program Files (x86)\SCP directory, the executable will be restored to its original location

I have already reported at Microsoft that this executable is not a virus.

I hope this helps.

Hans-Peter


RE: Cannot install SCP anymore, virus found - admin - 06-20-2020

SCP is a Microsoft Visual Basic application, generated by Microsoft's own program! Smile

I don't see any warning. I have updated all of my machines to the latest Windows 10. Are you running some anti-virus software of some kind?


RE: Cannot install SCP anymore, virus found - hpp - 06-20-2020

I am not running any additional anti-virus software.

Windows 10 is detecting scp.exe as a possible Trojan:Win32/Wacatac.C!ml
Also, an additional 14 out of 71 engines on Virus Total (https://www.virustotal.com) are detecting a trojan.

It detects the following:
file: C:\Program Files (x86)\SCP\SCP.exe
file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCP\SCP.lnk
startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCP\SCP.lnk

I am not an expert on this, but I don't think it necessarily means that there is something wrong with the program itself, it might have to do with the things the program is doing. I do think it is important to check how to prevent the application from being marked as a trojan.


RE: Cannot install SCP anymore, virus found - admin - 06-20-2020

I will have to look into this. It literally is just an application. It doesn't even contain resources (like my firmware updater does).


RE: Cannot install SCP anymore, virus found - admin - 06-20-2020

Ok, I have sent emails to all of these companies to white list the program. The ironic thing is that most of those companies are not even PC related. They are for Android devices.

Also, if you use their scanner (or even VirusTotal) to scan the file from a URL, there are no issues at all.

https://www.cbmstuff.com/downloads/temp/SCP.exe

So, I am not sure why some of these companies trigger a false positive.


RE: Cannot install SCP anymore, virus found - admin - 06-20-2020

Well, it seems according to a quick google search that the new Windows update has triggered all kinds of problems like this with other software!


RE: Cannot install SCP anymore, virus found - hpp - 06-20-2020

Yes, this is not uncommon and has happened many times before. It is, It probably is the heuristic scanning that is causing the problem, this is probably not a specific signature that is recognized. But as said, I am not an expert on this.


RE: Cannot install SCP anymore, virus found - Jeff - 06-27-2020

I confirm, same here. Here the reports with the current SCP software :

[Image: antivirus_issue_1.png]

[Image: antivirus_issue_2.png]

Btw I got the same issue with one of my software last week. I finally managed to "cure" it...
The Windows antivirus and some others are now very sensitive with non-signed executable/DLL.
From my analysis and tests any non-signed executable linked the Windows network API are now considered suspect.
As workaround my executable is not linked to the network DLL anymore and i use the LoadLibrary / GetProcAddress API to get the network functions pointers when needed. And i have also obfuscated the dll and functions names...
Another point : Avoid to use any executable packer - the packed executable will be for sure a suspect... spywares and virus use the same packers and have some common signatures Wink

This appears to have fixed the issue... For the moment.... But i have the feeling that it will be harder and harder to provide non-signed executable sooner.

Anyway take care with these false alerts : Your website can be blacklisted, unlisted on the search engines and even blocked on some browsers. I got this issue recently because of a false positive on a file present on my website... (This file was on a page since 15 years without causing any issue...)