Comments (42)
Windows Defender (Win 11) just flagged bt-3.5.2 as "threats found" for me.
Detected: Program:Win32/Wacapew.C!ml
from bt.
10 today.
from bt.
Analysis on above is still pending but some detections have already cleared out.
from bt.
It seems Microsoft doesn't like the latest version as it has been automatically removed from my PC by Windows Defender.
from bt.
Yeah, but it would be also super slow and at least x100 bigger in size of downloads and ram.
from bt.
It's about $1.5k for 3 years. Could be less if you shop around. But that won't solve false AV issues, you can still be banned and certificate revoked for no reason. I think realistically one needs a legal team to deal with AV false claims which I apparently don't have. I'd recommend having a read:
- https://weblog.west-wind.com/posts/2016/Oct/05/Dealing-with-AntiVirus-False-Positives
- https://www.autohotkey.com/boards/viewtopic.php?t=87322
- https://steamcommunity.com/app/779590/discussions/0/2572002906839928114/
- https://help.steampowered.com/en/faqs/view/5F3D-1477-AFF9-C4F3
- https://www.linkedin.com/pulse/kaspersky-reasons-false-positives-amirabbas-mahdavi
- https://www.gdatasoftware.com/blog/2022/06/37445-malware-detection-is-hard
- https://medium.com/@airflow.matt/globalsign-will-revoke-your-codesign-certificate-no-questions-asked-f6ac2bca02c5
And by the way, the last BT version (3.5.0) has only a single AV's claim out of 90, unlike 29 out of 90 for version 3.4.0, so it's totally random trash. I myself have become very pessimistic about the usefulness of AV software in general after dealing with this.
from bt.
Same thing here, BT 3.5.2 was flagged by Microsoft Defender as PUA. It's possible to send files to Microsoft for further analysis: https://www.microsoft.com/en-us/wdsi/filesubmission/ - I urge you to do it if you are affected.
from bt.
Same thing here, BT 3.5.2 was flagged by Microsoft Defender as PUA. It's possible to send files to Microsoft for further analysis: https://www.microsoft.com/en-us/wdsi/filesubmission/ - I urge you to do it if you are affected.
I have used this before, and just submitting for latest version as "incorrectly identified as malware". Will let you know on progress:
from bt.
@neoOpus thanks. Update checks are already fixed and will be out in v3.6. Defender does not block it anymore.
from bt.
By the way, I reported the false positive to Avast (which also includes AVG), so VT now reports only 11 false positives.
According to their reply, they reclassified BT from malware to PUA, since apparently it doesn't match their "clean software policy" (which, surprisingly, claims signing is preferred but not required):
Thank you for contacting Avast and reporting a false positive detection. We're happy to help.
Along with the Avast virus specialist, we've checked the reported file and changed the threat detection to PUP (potentially unwanted program). The PUP detection is due to lack of compliance with Avast's clean software policy.
For more information, refer to this article: Avast Threat Labs - Clean guidelines
If you are the owner of the reported file and want to change the detection to clean, feel free to contact us again for a new analysis as soon as the file matches the Avast guidelines.
from bt.
@jnv I have raised Avast issue separately yesterday, and classification is cleared completely.
from bt.
Also submitted a dispute to McAfee now.
from bt.
And just for fun to Malwarebytes.
from bt.
AVG and Avast were great help in whitelisting 3.6.2, we are -2 now.
from bt.
14/61 today!
from bt.
I am unable to download it unless, of course, if I disable MS Defender
from bt.
I can't afford a signing certificate so it's not going to happen. You are free to validate it's not dangerous as source code and build pipelines are completely open and transparent.
from bt.
I can't afford a signing certificate so it's not going to happen. You are free to validate it's not dangerous as source code and build pipelines are completely open and transparent.
What is the cost of a signing certificate?
from bt.
Kaspersky and Sophos both left BT undetected for me, seems it might be a Microsoft specific issue.
from bt.
it's totally random and changes daily ;)
from bt.
It keeps getting deleted even when excluded from scans... I have to reinstall it every few days.
from bt.
There are 2 different .zip files. A pdb version which downloads fine and non-pdb version that doesn't. What's the difference between the 2?
from bt.
There are 2 different .zip files. A pdb version which downloads fine and non-pdb version that doesn't. What's the difference between the 2?
.pdb version is debug symbols to investigate crashes, you don't need that.
from bt.
It keeps getting deleted even when excluded from scans... I have to reinstall it every few days.
You can permanently allow the "threat" until MS investigates. There are instructions available here.
from bt.
Windows Defender should now be fine, just got analysis results from Microsoft:
from bt.
Also VirusTotal before and after (Microsoft AV is OK now). Hopefully others will follow suit.
from bt.
It keeps getting deleted even when excluded from scans... I have to reinstall it every few days.
You can permanently allow the "threat" until MS investigates. There are instructions available here.
I have been doing that since the start, but it doesn't stick. That's why I notified you that currently it is allowed and working properly, but it crashes when trying to find updates... I am simply informing you of this, but it is alright if you are unable to resolve these.
from bt.
@jnv thanks for that, I also raised request with ESET which has reclassified as clean.
from bt.
So far, it worked and I didn't have any issue :)
from bt.
Unfortunately we're back to 24 false positives for the v3.6.2 installer. Today even Microsoft Defender took down my locally compiled version.
from bt.
Unfortunately we're back to 18/64
from bt.
Down to 11 today:
from bt.
Down to 15 today. ZIP is catching up, as I'm submitting false positives for MSI only, which contains the same binary as zip.
from bt.
Same here, looks like Microsoft needs a ticket for every new version to allowlist it again.
from bt.
Also this is odd, because VirusTotal only reports 4 hits from "bad" AVs
from bt.
I think if it was in Dotnet or other IL language it wouldn't have so many troubles. Because it is much easier to analyze than pure x86 instruction set.
from bt.
It seems Microsoft doesn't like the latest version as it has been automatically removed from my PC by Windows Defender.
Not only the latest, also 1 or 2 previous - it broke, I installed newer one (deactivated the antivir) but at some point it reactivated... It actually breaks opening links if BT is set as default handler for hyperlinks. Typical Microsoft -.-
Can we whitelist it manually? Or do we need to do that for every version as well?
Edit: Going into the defender history and reverting + adding a manual entry for C:\Program Files\Browser Tamer\bt.exe
seems to work - for now. No resetting of default browser or anything needed.
from bt.
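Before adding the manual entry described in the edit above, it is worth confirming that the file on disk is the one you expect. This is an added example, not from the thread or the project: it assumes you hold a SHA-256 for bt.exe from a source you trust (shown as a placeholder) and uses the built-in Defender cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example; not part of the original thread.
# Assumption: $ExpectedSha256 is a hash you obtained yourself, for instance
# from your own build of the source. The value below is a placeholder.
$Path           = 'C:\Program Files\Browser Tamer\bt.exe'  # path quoted in the comment above
$ExpectedSha256 = '<SHA256-FROM-A-SOURCE-YOU-TRUST>'       # placeholder, not a real hash

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found (it may still be quarantined): $Path"
}

# Refuse to exclude anything that is not byte-for-byte the expected binary.
$actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    throw "Hash mismatch for $Path (got $actual); not adding an exclusion."
}

# Show what Defender recorded for this file before changing anything.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($Path) } |
    Select-Object InitialDetectionTime, ThreatID, Resources

# Exclude the single file, not the whole folder or the process.
$current = (Get-MpPreference).ExclusionPath
if ($current -notcontains $Path) {
    Add-MpPreference -ExclusionPath $Path
}
```

The exclusion is by path, so a later update that replaces the file is excluded too; rerun the hash check after each upgrade.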
Yeah, but it would be also super slow and at least x100 bigger in size of downloads and ram.
Is https://github.com/mortenn/BrowserPicker , for example, slow and bloated for you?
from bt.
From what I understand from this talk about Windows - BlueHat IL 2023 - David Weston - Default Security
https://www.youtube.com/watch?v=8T6ClX-y2AE : maybe turning to UWP and converting MSI to MSIX can help against AV. One of the issues mentioned is "over privileged apps".
from bt.