
Chrome and Windows blocking download of 20230205 #34

Open
avtech23 opened this issue May 2, 2023 · 3 comments

Comments

avtech23 commented May 2, 2023

I have tried to get the 20230205 release, but Chrome refuses to download it, saying it is dangerous.

I force Chrome to keep the file, and Windows Defender snaffles it up straight away, saying that it contains the wacatac.h !ml trojan.


1a2m3 (Owner) commented May 2, 2023

I see. Firefox is also suggesting it is a potentially unsafe file.

That's a false positive. There is no malicious code in SPD-RW.

The program uses a loader to launch the GUI module, which is stored in its resources in gzip-compressed format.

During startup, the main GUI module is decompressed into memory, then it is loaded using the Assembly.Load method, and finally the original GUI program is loaded using the MethodBase.Invoke method, which calls the GUI's Main() method.

Similar techniques can be used by malicious software to hide its main payload and avoid signature-based detection, so antiviruses are most likely using heuristic analysis to mark the program as unsafe.

As a temporary solution (until the new release is ready) I can suggest disabling the antivirus temporarily while downloading, or downloading it using another browser and adding the extracted contents to your antivirus exclusion/safe list.
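The heuristic the maintainer describes, written out as an added illustration (this is not SPD-RW's code and not any vendor's engine): it carves gzip streams out of a file, checks whether one decompresses to a PE image carrying CLI metadata, and looks for the reflective-load method names in the same file, which is the combination that makes a legitimate loader look like a packed payload. The sample bytes are constructed here, not taken from the release.

```python
import gzip
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"
# Names a loader like the one described above leaves in the .NET #Strings heap
LOADER_TOKENS = (b"GetManifestResourceStream", b"GZipStream",
                 b"Assembly", b"Load", b"MethodBase", b"Invoke")


def carve_gzip_payloads(data: bytes) -> list:
    """Return every gzip stream embedded in data that decompresses cleanly."""
    payloads, pos = [], data.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(16 + zlib.MAX_WBITS)   # gzip wrapper, stops at stream end
        try:
            out = d.decompress(data[pos:])
            if d.eof:                                   # complete member with valid trailer
                payloads.append(out)
        except zlib.error:
            pass                                        # magic bytes by coincidence
        pos = data.find(GZIP_MAGIC, pos + 1)
    return payloads


def looks_like_pe(blob: bytes) -> bool:
    """MZ stub, e_lfanew pointing at a PE signature; BSJB marks CLI (.NET) metadata."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0" and b"BSJB" in blob


def assess(data: bytes) -> dict:
    """Simplified heuristic: packed PE resource plus reflective-load API names."""
    payloads = carve_gzip_payloads(data)
    embedded_pe = [p for p in payloads if looks_like_pe(p)]
    tokens = [t for t in LOADER_TOKENS if t in data]
    flagged = bool(embedded_pe) and b"Load" in tokens and b"Invoke" in tokens
    return {"gzip_streams": len(payloads), "embedded_pe": len(embedded_pe),
            "tokens": tokens, "flagged": flagged}


# Constructed samples (not real binaries): a minimal MZ/PE image with a CLI metadata marker
FAKE_GUI_MODULE = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20 + b"BSJB"
LOADER_SAMPLE = (b"MZ host \0" + b"\0".join(LOADER_TOKENS) + b"\0"
                 + gzip.compress(FAKE_GUI_MODULE, mtime=0))
# Same packing, but the resource is a text file and nothing is invoked by reflection
BENIGN_SAMPLE = (b"MZ host \0GetManifestResourceStream\0GZipStream\0"
                 + gzip.compress(b"help text for the GUI", mtime=0))
```

Running `assess(LOADER_SAMPLE)` flags the file while `assess(BENIGN_SAMPLE)` does not, which is why dropping the loader (as the later release does) removes the trigger rather than any one string.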

avtech23 (Author) commented May 2, 2023

Thanks for the swift reply.

I thought that it was the case that WD is giving false positives, but thought I'd let you know in case others are being prevented from using your awesome tool.

I have force-downloaded it into an excluded folder, and it finally ran once I got past the 'smart screen' block.

1a2m3 (Owner) commented Sep 30, 2023

New version posted: 20230930

To address the false AV positives, I decided not to use the loader this time and replaced the WinRing0 driver with the CPUID driver.
