Shell extension

chrisedgington
Registered Member

Shell extension

Mon May 09, 2016 7:11 am
Firstly, apologies if this is posted in the wrong place.

I downloaded and installed the Krita shell extension v1.1.0.1 linked from the development builds page this morning. Windows Defender has identified this as containing the win 32 Fathale.B!plock Trojan, which I am now in the process of attempting to remove.

Links below:
https://krita.org/item/new-development-builds-ready/
https://www.microsoft.com/security/port ... terprise=0

I figured you guys would like to know.
halla
KDE Developer

Re: Shell extension

Mon May 09, 2016 7:20 am
I'm pretty sure it's a false positive.
alvinwong
Registered Member

Re: Shell extension

Mon May 09, 2016 8:58 am
It is a false positive. We are aware that some antivirus tools have been flagging NSIS-made installers, but unfortunately we can't do much except submit them to the AV vendors for analysis (which I didn't do anyway).

Though, I have been using Microsoft Security Essentials on Windows 7, which is essentially (pun not intended) the same as Windows Defender on later releases of Windows, and I haven't got any false positives on any of the installers I have built during last week. Could you try updating the definition database in Windows Defender to the latest version and scan it again? Maybe it's using an old definition?

You can refer to the VirusTotal scan results. At the moment of this reply only 3 out of 56 AV tools are flagging it as malicious. https://virustotal.com/en/file/842302f52f729beac0b1675363c4a6b08daa3cdd52c7e5abe97f8b9d06d1b815/analysis/1462779802/

Given all these false-positive results, I guess I may have to move away from NSIS...
chrisedgington
Registered Member

Re: Shell extension

Mon May 09, 2016 9:06 am
Thank you both

For the benefit of others who might get this problem:
I installed the extension and it seems to be working as intended.
Windows Defender identified it as malware but did not stop it installing.
The installer file became quarantined (but installed fine, see above).
I have run a full scan and it has come up clean.


Still, it's a bit disconcerting when that happens.

My definitions are date stamped today (i.e. 09/05/2015, 02:03). Now if I download the file again it gets auto-deleted by Windows smartscan before I can even attempt to run it.


BTW - I think Krita is awesome. I'm only just starting to learn how to draw (digitally or otherwise) and it's brilliant. Particularly now in v3 that the pinch to zoom and palm rejection seem to work on my Surface Pro 4.

And the shell extension is great - was really starting to become a problem when I couldn't work out which of my files was which without opening it!

