Avast false positive alert with 64bit portable package
A free, portable, fast and simple C/C++ IDE
Brought to you by:
orwelldevcpp
Dev-Cpp 5.8.2 TDM-GCC x64 4.8.1 Portable.7z is getting flagged by Avast. I don't know which file specifically is triggering the false positive, as the download is blocked as soon as it finishes. I thought it was best to report it here, instead of just simply turning off the antivirus' shields.
Does any other version of Dev-C++ 5.8.2 or any older version trigger a false positive too?
Tested Dev-Cpp 5.8.2 No Compiler Portable.7z, Dev-Cpp 5.8.1 TDM-GCC x64 4.8.1 Portable.7z and (again) Dev-Cpp 5.8.2 TDM-GCC x64 4.8.1 Portable.7z. They all test positive with the main executable devcppPortable.exe. Maybe this should be notified to Avast?
I have rewritten devcppPortable.exe due to overflow vulnerabilities. This new version will be provided with Dev-C++ 5.8.3.
Can you scan the executable using your avast configuration?
https://dl.dropboxusercontent.com/u/60808323/devcppPortable.exe
Last edit: orwelldevcpp 2014-11-15
The file provided does not trigger an alert. I have also rescanned the previous files (to see if maybe it was a fault on Avast's end that got patched through one of their daily updates), but they still test positive.
If you don't mind, I will consider this problem fixed.
Since yesterday, this devcppPortable.exe from Dev-C++ 5.8.3 x64 is reported as a virus by Avira Free Antivirus:
"In der Datei 'D:__Temp\yy\devcppPortable.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Rogue.174080.25' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern"
Hmm.
All I can do for now is prove that this file is harmless. The source code can be found here:
https://sourceforge.net/p/orwelldevcpp/code/ci/master/tree/Source/Tools/DevCppPortable/main.cpp
As you can all see, all it does is launch devcpp.exe using the -c command to store the configuration files in the current directory.
Oh, I did not doubt. Thanks for the info! I reported the false alarm to Avira.
As I prefer to continue to work with the portable, I created a workaround (a shell link which mimics the -c parameter on the command line).
Accepted by Avira:
Filename Result
devcppPortable.exe FALSE POSITIVE
The file 'devcppPortable.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.