Warnings of potential viruses when running the VCV Rack 2 setup.

Note that I downloaded it from the official website [VCV Rack 2 - Virtual Eurorack Studio].

I’m trying to install it on my Windows machine, where the complaint itself is a potential risk. I followed the steps to check that it wasn’t a false positive, but ended up with more questions… I’d like to be sure if it really is just a false positive or if I’m worrying too much.

[VirusTotal]

[tria.ge]

Hmm, well, I’m no expert but can add a bit. First, I use Bitdefender, which has a good reputation, and it doesn’t flag anything while running VCV Rack and didn’t flag anything during each of multiple installations.

Running a Windows PowerShell script doesn’t mean anything malicious or bad in itself; it’s just another way to execute instructions. That in itself doesn’t seem to be a big deal, and it’s not surprising that a software installation package would do that. The other is a change in what a PowerShell script can do. That doesn’t seem surprising to me either – files are getting moved, shortcuts created, and, not unlikely, registry keys are being created.

If nothing malicious is actually done during installation, your system should be fine. We generally have to trust software installers, that’s why you had to click something to give extended privileges to the installer at the beginning of the installation. But a definitive answer on why this script was run and why it needed extended privileges would have to come from the people who created the script that was run.

Again, from my lay perspective, seems normal to me that a software installer would do this kind of thing.

I’d say the Sigma rule set is a bit paranoid (no AV detected anything wrong, right?)

The ExecutionPolicy probably has to do with the fact that it needs to allow the installer scripts to run (to… say… set file associations?). A lot of current installers probably do this and stuff that looks worse when passed through that rule set.

The non-interactive shell stuff… just what it says: a non-interactive shell (i.e. you can’t type or run commands yourself, and it will exit by itself when done) was spawned to run some command or other.

The ones from tria.ge look a tad more interesting, accessing geolocation and such, thing is: is it the Rack installer or is it PowerShell?

I haven’t had any problems using the installer, but if you don’t trust it and you want to use the Free version, you can download the code, look through it, and, if you trust it, compile it yourself and use it.