Virus Alerts

Usage of the framework, compiler and tools
Zinn
Posts: 123
Joined: Mon Nov 24, 2014 10:47 am
Location: Frankfurt am Main

Re: Virus Alerts

Post by Zinn »

Robert, which version of Windows 10 are you using? 1507, 1511, 1607 or 1703?
On my Windows 10 (1703) I am unable to get BlackBox.exe back again after deleting from Defender.
When I copy BlackBox.exe from my backup disk or USB stick, the backup file is deleted on my backup device too during the copy process.
The only way I got it running on Windows again was this: I relinked BlackBox.exe on my Linux system (unchanged source) and copied the new exe file to Windows.
- Helmut
Robert
Posts: 177
Joined: Sat Sep 28, 2013 11:04 am
Location: Edinburgh, Scotland

Re: Virus Alerts

Post by Robert »

Zinn wrote: Robert, which version of Windows 10 are you using? 1507, 1511, 1607 or 1703?
1703
Robert wrote: So far it seems to be the case that once a file is restored it is not deleted again, even if you have not added it to a "White list".
I think I am wrong here - I am still collecting evidence.
Robert
Posts: 177
Joined: Sat Sep 28, 2013 11:04 am
Location: Edinburgh, Scotland

Re: Virus Alerts

Post by Robert »

To add BlackBox.exe to the Windows Defender White List:
(These instructions are for the UK version of Windows 10 Pro, Version 1703.)
1 - Right click the Windows icon at the left of the bottom tool bar.
2 - Click the popup menu item "Settings".
3 - Click the "Update & security" icon.
4 - Click the "Windows Defender" option in the left menu area.
5 - Click the grey button "Open Windows Defender Security Center".
6 - Click the "Virus & threat protection" icon.
7 - Click the blue text "Virus & threat protection settings".
8 - Click the blue text "Add or remove exclusions". You may need to scroll to see this.
9 - Click the grey "+" "Add an exclusion" button.
10 - Click the popup "File".
11 - Select "...\BlackBox\BlackBox.exe" (for example). Click "Open".
12 - Click the grey "Do you want to allow this app to make changes …" "Yes" button.
13 - Close down the window "Windows Defender Security Center".
14 - Close down the window "Settings".
To recover an already deleted (quarantined) file, see my posting dated 13-Sep-2017.
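
A scripted counterpart to the GUI steps in the post above, added here as an example and not part of the original posting: it checks the file against a known-good SHA-256 before excluding it, and excludes only that one file rather than a folder. The parameters `$Path` and `$ExpectedSha256` are assumptions supplied by the caller; the expected hash has to come from a source you trust, such as a build you linked yourself.

```powershell
#Requires -RunAsAdministrator
# Added example: verify a flagged executable, then exclude only that file.
# $Path and $ExpectedSha256 are caller-supplied assumptions, not values from the thread.
param(
    [Parameter(Mandatory)] [string] $Path,
    [Parameter(Mandatory)] [string] $ExpectedSha256
)
$ErrorActionPreference = 'Stop'

# Resolve to one concrete file so the exclusion never covers a directory.
$file = Get-Item -LiteralPath $Path
if ($file.PSIsContainer) {
    throw "Refusing to exclude a directory: $($file.FullName)"
}

# 1. Integrity: the file on disk must match the trusted hash.
$actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256.Trim()) {
    throw "Hash mismatch for $($file.FullName): got $actual. No exclusion added."
}

# 2. Record the Authenticode status; an unsigned file is reported, not rejected,
#    because the hash check above is the trust decision in this script.
$sig = Get-AuthenticodeSignature -FilePath $file.FullName
Write-Output "Signature status: $($sig.Status)"
if ($sig.SignerCertificate) {
    Write-Output "Signer: $($sig.SignerCertificate.Subject)"
}

# 3. Add the exclusion only if it is not already present.
$existing = @((Get-MpPreference).ExclusionPath)
if ($existing -notcontains $file.FullName) {
    Add-MpPreference -ExclusionPath $file.FullName
}

# 4. Confirm the exclusion is in effect and show the full list for review.
$after = @((Get-MpPreference).ExclusionPath)
if ($after -notcontains $file.FullName) {
    throw "Exclusion was not applied for $($file.FullName)."
}
Write-Output "Current path exclusions:"
$after | ForEach-Object { Write-Output "  $_" }
```

Once the vendor has corrected the detection, `Remove-MpPreference -ExclusionPath` with the same path removes the entry again.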
Josef Templ
Posts: 262
Joined: Tue Sep 17, 2013 6:50 am

Re: Virus Alerts

Post by Josef Templ »

With BlackBox 1.7.1 released now, it seems to be a good time for reporting false positives to the various anti-virus checkers.
I have done it already for BlackBox.exe and blackbox-1.7.1.zip on AVAST, but there are many more (see https://www.virustotal.com/).
The more false positive reports we file the better the chances are that the anti-virus tool providers react.
It also helps if more than a single person files a report.

Microsoft, BTW, is not reporting a false positive.

- Josef
Zinn
Posts: 123
Joined: Mon Nov 24, 2014 10:47 am
Location: Frankfurt am Main

Re: Virus Alerts

Post by Zinn »

Today Microsoft Defender deleted the file BlackBox.exe version 1.7.1 (1014) from my computer.
Trojan:Win32/Tiggre!rfn
- Helmut
cfbsoftware
Posts: 55
Joined: Wed Sep 18, 2013 10:06 pm

Re: Virus Alerts

Post by cfbsoftware »

If you believe it to be a false positive you can report it here:

https://www.microsoft.com/en-us/wdsi/filesubmission
manumart1
Posts: 67
Joined: Tue Sep 17, 2013 6:25 am

Re: Virus Alerts

Post by manumart1 »

The antivirus Panda has told me that, to avoid problems with its antivirus, the best solution is to digitally sign the executable blackbox.exe (for the stable version at least).

Now we have the signed file "blackbox-1.7.1-setup-sibfu.exe" (installable), and that file is not detected by Panda because it is signed, but the internal executable blackbox.exe is not signed.

But other antivirus products do not seem to care about the digital signature of "blackbox-1.7.1-setup-sibfu.exe": https://www.virustotal.com/#/file/0ac37 ... /detection
HansKlaver
Posts: 16
Joined: Sun Oct 13, 2013 10:46 pm
Location: Aerdenhout, The Netherlands

Re: Virus Alerts

Post by HansKlaver »

Today I downloaded "BlackBox Stable Version 1.7.2, Setup" from http://blackboxframework.org/index.php? ... page,en-us

After installation the file BlackBox.exe was removed by Windows 10 Defender Antivirus (being suspected of containing "Trojan:Win32/Tigre!plock").

I reported it as false positive to https://www.microsoft.com/en-us/wdsi/filesubmission

I also noted that the link to "Stable version 1.7.2, Signed" on the Download BlackBox page gives a "404 Not Found" message.

- Hans
Josef Templ
Posts: 262
Joined: Tue Sep 17, 2013 6:50 am

Re: Virus Alerts

Post by Josef Templ »

Unfortunately the center currently does not have any code signing certificate at its disposal. That's why the link cannot be resolved.

Josef