Tried downloading and installing VCV2Free version straight from vcvrack.com, but when downloaded Microsoft AV immediately quarantines the file, because of a supposed Trojan:Win32/Spursint.Q!cl - virus.
Most likely a false positive, but still refraining from installing it. Does this occur to others as well ?
No flags from ESET antivirus when I downloaded.
The new VCV Rack update causes an alert: Malicious.high.ml.score in Virustotal. What should I think?
I just tried it from a known clean, uninfected/uncompromised Linux machine. Downloaded the installer then uploaded it to Virustotal. Trapmine (and only Trapmine) throws a warning, and it’s not even a warning that you can verify the veracity of, as Trapline does not seem to exist as a product for download by end-users (at least not cunsumers, maybe enterprise-only application?)
Tested my windows machine just in case, and it’s clean. (deep scan, Avast AV, windows 11).
Windows Defender throws a warning because the installer is unsigned.
Anti virus products flashes warnings and false positives all the time. You can’t trust them a lot of the time.
Which was why I tested it multiple times and tried grabbing the installer from a known clean, uninfected linux machine then uploaded to virustotal. I also deep-scanned my windows PC with Avast, and later in the night rebooted it with my recovery stick and scanned it under Linux using ClamAV as well.
The AV that is throwing the False Positive is TrapMine, which is a machine-learning-based AV/AntiMalware for corporate and enterprise, not consumer-grade stuff. From examining the details section of the VirusTotal page, it seems to be throwing the false positive over the uninstaller component of the package.
Norton also thinks the Windows installer is malicious, and automatically deletes (actually quarantines) the file without offering a choice. It is possible to restore after the fact.
MalwareBytes has not flagged the Windows installer as malicious on my Win11 system.
Kaspersky Anti-Virus doesn’t report virus (Windows 10, Free installer v2.2.0).
I redownloaded the latest version 2.2.0 and still no changes on VirusTotal ( Malicious.high.ml.score) , but a comment appeared :
FileScan.IO Analysis:
Verdict: LIKELY_MALICIOUS Confidence: 100/100 Tags: overlay,packed,shell32.dll,64bits,peexe,javascript Domains: nsis.sf.net Hosts: 204.68.111.100
it makes me confused.
Is it still the TrapMine scanner on VirusTotal throwing this error?
Nothing else that I have scanned it with shows anything wrong, and none of the other scanners on VirusTotal show anything either. Have you reported this to the devs (I didn’t, as I was busy figuring out what module was causing graphical glitches when I updated to 2.2).
