openmolecules.org Forum: Installation Issues » Installation file is considered malware by browsers and anti-virus software...

Home » DataWarrior » Installation Issues » Installation file is considered malware by browsers and anti-virus software...

Show: Today's Messages :: Polls :: Message Navigator

Installation file is considered malware by browsers and anti-virus software... [message #45]

Thu, 05 February 2015 10:31

timritchie
Messages: 15
Registered: February 2015
Location: St Albans, UK

Junior Member

Hello,
I downloaded the datawarrior.msi file for Windows. This file is considered malicious by browsers and anti-virus software.
Whilst one can go ahead and make the installation and use Datawarrior, it would be very helpful if the file could be authenicated in some way to prevent such alerts.
Regards,
Tim Ritchie.

Report message to a moderator

Re: Installation file is considered malware by browsers and anti-virus software... [message #86 is a reply to message #45]

Sat, 08 August 2015 21:47

DirkTomandl
Messages: 1
Registered: August 2015
Location: Indianapolis

Junior Member

Same problem at our company:
Today (2015-08-08), Symantec Virus scanner removed the DataWarrior executable from all of our machines!

Messages:
Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Program Files\DataWarrior\DataWarrior.exe
Location: Deleted or access blocked
User: SYSTEM
Action taken: Delete succeeded : Access denied
Date found: Saturday, August 08, 2015 11:13:23 AM

@Thomas: It is unlikely that your code actually includes a Trojan virus but please check the code to change the libs that may have caused it. Right now we are not able to use DW since it gets automatically removed.

Report message to a moderator

Re: Installation file is considered malware by browsers and anti-virus software... [message #90 is a reply to message #86]

Tue, 11 August 2015 16:12

thomas
Messages: 715
Registered: June 2014

Senior Member

Dear Dirk,

thank you for the hint. Recently, I received a report from another large pharma company, that Symantec Endpoint Protection had classified DataWarrior on one workstation as potential trojan, but SEP kept quite on various other client computers with a comparable setup. Thus, I assumed that the one installation may have been infected after the installation.

After calling Symantec it seems that this and your cases are false positive alerts and that DataWarrior.exe needs to be white-listed in the Symantec virus database. I will try to get that done as fast as possible.

Thanks, Thomas

Report message to a moderator

Re: Installation file is considered malware by browsers and anti-virus software... [message #165 is a reply to message #90]

Sun, 27 March 2016 11:12

joetedesco
Messages: 2
Registered: March 2016

Junior Member

on March 27, 2016 The virus TR/Crypt.XPACK.Gen was detected in the datawarrior.exe file when I tried to install the 32-bit-version msi install file onto my windows 10 system.
I have some screenshots of this event to send you, but I have been blocked by your server from posting links to your messages on the first message (??), so I will send them on the NEXT message.
Joe Tedesco

Report message to a moderator

Re: Installation file is considered malware by browsers and anti-virus software... [message #166 is a reply to message #90]

Sun, 27 March 2016 11:21

joetedesco
Messages: 2
Registered: March 2016

Junior Member

Hi,

On March 27, 2016 The virus TR/Crypt.XPACK.Gen was detected in the datawarrior.exe file when I tried to install the 32-bit-version msi install file onto my windows 10 system.
I still am blocked by your server from sending http links in this text, so I instead attach 2 pdf files of screenshots (PNG graphics) of my screen to confirm this and to show more details re the 'suspicious' files involved.

I hope this can assist you. I also hope this problem can be rectified soon. I am a new member and look forward to using DataWarrior once this security issue is resolved.
It looks to be a terrific program.

Joe Tedesco

Attachment: more_info_re_virus_detected_Screenshot 2016-03-27 04.24.18.pdf
(Size: 196.60KB, Downloaded 1133 times)
Attachment: virus_detected_Screenshot 2016-03-27 04.24.18.pdf
(Size: 174.23KB, Downloaded 1233 times)

Report message to a moderator

Re: Installation file is considered malware by browsers and anti-virus software... [message #169 is a reply to message #165]

Thu, 07 April 2016 23:08

thomas
Messages: 715
Registered: June 2014

Senior Member

There were a few single reports about Symantec reporting a virus. However, it is highly unlikely that the executable is infected, because it is now about 9 months old, during this time it was installed and is used by a few thousand people. The executable was build on a Linux computer and the installer was built on a dedicated virtual Windows machine, which is exclusively started and used for building the msi-file and for testing, whether the msi works.
I assume that it is a false alert or that the file got infected after unpacking it from the msi.
For the upcoming version I will publish the MD5 hash codes of the installer files to allowing checking, whether they
are still the original ones.

Thomas

Report message to a moderator

Previous Topic:	Installing DW on a Mac with 1.8.0_65 java
Next Topic:	Problem with importing macros from previous versions

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Thu Nov 21 23:52:14 CET 2024

Total time taken to generate the page: 0.03415 seconds