mirror of
https://github.com/1Remote/1Remote.git
synced 2026-04-25 13:36:03 +03:00
[GH-ISSUE #123] Malwarebytes flags PREMOTEM.EXE as a Trojan.Crypt #1063
Originally created by @lbrunkho on GitHub (May 17, 2021).
Original GitHub issue: https://github.com/1Remote/1Remote/issues/123
Originally assigned to: @VShawn on GitHub.
Malwarebytes flags PREMOTEM.EXE as a Trojan.Crypt in both the .7z archive and extracted.
Expected behavior
Files would pass MBAM scanning so as to not get automatically removed from the system.
@VShawn commented on GitHub (May 18, 2021):
Hi, thanks for reporting the issue. And I'm sorry that I am not a security engineer, so I don't know how to deal with such virus detection problems. Before anyone can help solve it, it is recommended that you include PRemoteM.exe in your virus detection whitelist, or maybe try the Microsoft Store version.
@VShawn commented on GitHub (May 18, 2021):
I guess it may be because the exe version is not signed, and I added a registry entry for the software to start automatically, or wrote the registry for the Kitty configuration, which caused it to be detected as a virus.
@lbrunkho commented on GitHub (May 27, 2021):
Thanks for taking a look into it. I'm going to try adding it to the whitelist on Malwarebytes. Having a signed exe would definitely be nice but I understand this is a lot of work. Also, would it be possible to move the Kitty executable out of the main binary?
@majkinetor commented on GitHub (May 27, 2021):
Yes, it's possible to have 2 variants - light without any dependency and full. On chocolatey at least you would then install it fully with cinst kitty premotem. It could also be added as an automatic dependency, which would require no explicit specification. PRM would need to support using kitty from the system (adding options in configuration to specify the path if it's not on the PATH, or if it is, just use it [as with chocolatey install]). This obviously requires some work but release could be automated within #79 eventually.
@majkinetor commented on GitHub (May 27, 2021):
I think this is not an option really.
@VShawn commented on GitHub (May 28, 2021):
Eventually I made some changes by following this approach: https://stackoverflow.com/a/41272682/8629624
and it is no longer detected as a virus in Gmail (it is still blocked since it is an .exe). I don't know if it will be detected as a virus by Malwarebytes.
@majkinetor commented on GitHub (May 28, 2021):
I wouldn't be concerned at all, it is what it is. No other scanner detects it:
@lbrunkho commented on GitHub (May 28, 2021):
Thanks for all the work @majkinetor and @VShawn! I am going to add this to the Malwarebytes exception list and move on. I would like to take a look at a lite release when/if that happens and see if it still gets flagged. This ticket can be closed. Again thanks for your time!