openmolecules.org

 
Home » DataWarrior » Installation Issues » Installation file is considered malware by browsers and anti-virus software...
Installation file is considered malware by browsers and anti-virus software... [message #45] Thu, 05 February 2015 10:31 Go to next message
timritchie is currently offline  timritchie
Messages: 2
Registered: February 2015
Location: Ranco, Italy
Junior Member
Hello,
I downloaded the datawarrior.msi file for Windows. This file is considered malicious by browsers and anti-virus software.
Whilst one can go ahead and make the installation and use Datawarrior, it would be very helpful if the file could be authenicated in some way to prevent such alerts.
Regards,
Tim Ritchie.
Re: Installation file is considered malware by browsers and anti-virus software... [message #86 is a reply to message #45] Sat, 08 August 2015 21:47 Go to previous messageGo to next message
DirkTomandl is currently offline  DirkTomandl
Messages: 1
Registered: August 2015
Location: Indianapolis
Junior Member
Same problem at our company:
Today (2015-08-08), Symantec Virus scanner removed the DataWarrior executable from all of our machines!

Messages:
Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Program Files\DataWarrior\DataWarrior.exe
Location: Deleted or access blocked
User: SYSTEM
Action taken: Delete succeeded : Access denied
Date found: Saturday, August 08, 2015 11:13:23 AM

@Thomas: It is unlikely that your code actually includes a Trojan virus but please check the code to change the libs that may have caused it. Right now we are not able to use DW since it gets automatically removed.
Re: Installation file is considered malware by browsers and anti-virus software... [message #90 is a reply to message #86] Tue, 11 August 2015 16:12 Go to previous messageGo to next message
thomas is currently offline  thomas
Messages: 155
Registered: June 2014
Senior Member
Dear Dirk,

thank you for the hint. Recently, I received a report from another large pharma company, that Symantec Endpoint Protection had classified DataWarrior on one workstation as potential trojan, but SEP kept quite on various other client computers with a comparable setup. Thus, I assumed that the one installation may have been infected after the installation.

After calling Symantec it seems that this and your cases are false positive alerts and that DataWarrior.exe needs to be white-listed in the Symantec virus database. I will try to get that done as fast as possible.

Thanks, Thomas
Re: Installation file is considered malware by browsers and anti-virus software... [message #165 is a reply to message #90] Sun, 27 March 2016 11:12 Go to previous messageGo to next message
joetedesco is currently offline  joetedesco
Messages: 2
Registered: March 2016
Junior Member
on March 27, 2016 The virus TR/Crypt.XPACK.Gen was detected in the datawarrior.exe file when I tried to install the 32-bit-version msi install file onto my windows 10 system.
I have some screenshots of this event to send you, but I have been blocked by your server from posting links to your messages on the first message (??), so I will send them on the NEXT message.
Joe Tedesco

Re: Installation file is considered malware by browsers and anti-virus software... [message #166 is a reply to message #90] Sun, 27 March 2016 11:21 Go to previous messageGo to next message
joetedesco is currently offline  joetedesco
Messages: 2
Registered: March 2016
Junior Member
Hi,

On March 27, 2016 The virus TR/Crypt.XPACK.Gen was detected in the datawarrior.exe file when I tried to install the 32-bit-version msi install file onto my windows 10 system.
I still am blocked by your server from sending http links in this text, so I instead attach 2 pdf files of screenshots (PNG graphics) of my screen to confirm this and to show more details re the 'suspicious' files involved.

I hope this can assist you. I also hope this problem can be rectified soon. I am a new member and look forward to using DataWarrior once this security issue is resolved.
It looks to be a terrific program.

Joe Tedesco
Re: Installation file is considered malware by browsers and anti-virus software... [message #169 is a reply to message #165] Thu, 07 April 2016 23:08 Go to previous message
thomas is currently offline  thomas
Messages: 155
Registered: June 2014
Senior Member
There were a few single reports about Symantec reporting a virus. However, it is highly unlikely that the executable is infected, because it is now about 9 months old, during this time it was installed and is used by a few thousand people. The executable was build on a Linux computer and the installer was built on a dedicated virtual Windows machine, which is exclusively started and used for building the msi-file and for testing, whether the msi works.
I assume that it is a false alert or that the file got infected after unpacking it from the msi.
For the upcoming version I will publish the MD5 hash codes of the installer files to allowing checking, whether they
are still the original ones.

Thomas
Previous Topic: Installing DW on a Mac with 1.8.0_65 java
Next Topic: Problem with importing macros from previous versions
Goto Forum:
  


Current Time: Sat Oct 20 04:55:21 CEST 2018

Total time taken to generate the page: 0.00569 seconds