Version 6.9 Beta - main discussion

Hilton Travis, User (Posts: 2)

Jul 29, 2018 10:20:39 pm EDT

Alex Coombs wrote:

Hilton Travis wrote:

Any idea why Windows Defender is seeing the Beta as a severe malware app with remote command execution?

Yeah, it's heuristics. The software (code) is new, so it'll take time for the antivirus companies to mark it as safe.

That's not how heuristics works.  Heuristics looks at the construction of the code, such as the calls used and the jumps made, instead of using signatures.  Heuristic scanning of code generally only reports a false positive if there is something seriously funky being done in the code, and rarely reports it as a known malicious piece of code - which is what happened here.

Now, admittedly, any app that allows remote access to a computer by definition has some "seriously funky code", but with it being recognised as a particular piece of malicious code, that's the issue.

And as to scanners not seeing it yet, therefore not building signatures in their databases, the app has been out for a week and I'm sure I'm not in the first handful of people who have downloaded it who are running Windows Defender - so that isn't really a valid reason for this detection.

Hilton Travis, User (Posts: 2)

Jul 29, 2018 6:15:46 pm EDT

Any idea why Windows Defender is seeing the Beta as a severe malware app with remote command execution?