Page 2 of 2

Re: Virus Alerts

Posted: Wed Sep 13, 2017 5:32 pm
by Zinn
Robert, which version of Windows 10 are you using? 1507, 1511, 1607 or 1703?
On my Windows 10 (1703) I am unable to get BlackBox.exe back again after deleting from defender.
Copy Blackbox.exe from my backup disk or usb-stick the backup file is deleted on my backup device too during the copy process.
The only way I get it running on windows again was: I relink BlackBox.exe on my Linux system (unchanged source) and copied the new exe file to Window.
- Helmut

Re: Virus Alerts

Posted: Wed Sep 13, 2017 8:15 pm
by Robert
Zinn wrote:Robert, which version of Windows 10 are you using? 1507, 1511, 1607 or 1703?
1703
Robert wrote:So far it seems to be the case that once a file is restored it is not deleted again, even if you have not added it to a "White list".
I think I am wrong here - I am still collecting evidence.

Re: Virus Alerts

Posted: Fri Sep 22, 2017 10:34 am
by Robert
To add BlackBox.exe to the Windows Defender White List:
(These instructions are for the UK version of Windows 10 Pro, Version 1703.)
1 - Right click the Windows icon at the left of the bottom tool bar.
2 - Click the popup menu item "Settings".
3 - Click the "Update & security" icon.
4 - Click the "Windows Defender" option in the left menu area.
5 - Click the grey button "Open Windows Defender Security Center".
6 - Click the "Virus & threat protection" icon.
7 - Click the blue text "Virus & threat protection settings".
8 - Click the blue text "Add or remove exclusions". You may need to scroll to see this.
9 - Click the grey "+" "Add an exclusion" button.
10 - Click the popup "File".
11 - Select "...\BlaclBox\BlackBox.exe" (for example). Click "Open".
12 - Click the grey "Do you want to allow this app to make changes …" "Yes" button.
13 - Close down the window "Windows Defender Security Center".
14 - Close down the window "Settings".
To recover an already deleted (quarantined) file, see my posting dated 13-Sep-2017.

Re: Virus Alerts

Posted: Fri Dec 15, 2017 12:31 pm
by Josef Templ
With BlackBox 1.7.1 released now, it seems to be a good time for reporting false positives to the various anti-virus checkers.
I have done it already for BlackBox.exe and blackbox-1.7.1.zip on AVAST, but there are many more (see https://www.virustotal.com/).
The more false positive reports we file the better the chances are that the anti-virus tool providers react.
It also helps if more than a single person files a report.

Microsoft, BTW, is not reporting a false positive.

- Josef

Re: Virus Alerts

Posted: Sat Mar 03, 2018 9:33 am
by Zinn
Today the Microsoft Defender deleted file BlackBox.exe version 1.7.1 (1014) from my computer.
Trojan:Win32/Tiggre!rfn
- Helmut

Re: Virus Alerts

Posted: Sat Mar 03, 2018 10:36 am
by cfbsoftware
If you believe it to be a false positive you can report it here:

https://www.microsoft.com/en-us/wdsi/filesubmission

Re: Virus Alerts

Posted: Thu Jul 05, 2018 8:06 am
by manumart1
The antivirus Panda has told me that to avoid problems with his Antivirus, the best solution is to sign digitally the executable blackbox.exe (for stable version at least).

Now we have the signed file "blackbox-1.7.1-setup-sibfu.exe" (instalable), and that file is not detected by Panda because is signed, but the internal executable blackbox.exe is not signed.

But other Antivirus does not seem to care about the digital signature of "blackbox-1.7.1-setup-sibfu.exe": https://www.virustotal.com/#/file/0ac37 ... /detection

Re: Virus Alerts

Posted: Fri Dec 20, 2019 3:53 pm
by HansKlaver
Today I downloaded "BlackBox Stable Version 1.7.2, Setup" from http://blackboxframework.org/index.php? ... page,en-us

After installation the file BlackBox.exe was removed by Windows 10 Defender Antivirus (being suspect of containing "Trojan:Win32/Tigre!plock").

I reported it as false positive to https://www.microsoft.com/en-us/wdsi/filesubmission

I also noted that the link to "Stable version 1.7.2, Signed" on the Download BlackBox page gives a "404 Not Found" message.

- Hans

Re: Virus Alerts

Posted: Sat Dec 21, 2019 7:29 pm
by Josef Templ
Unfortunately the center currently does not have any code signing certificate at its disposal. That's why the link cannot be resolved.

Josef