Webroot detecting malware in Vintyri and Bogie mapping symbols for Mapper 9

Downloaded Bogie for Mapper 9 on my laptop. I always scan downloaded files for malware: nothing detected in the zipped file. But when I went to run the setup file, a "W32Malware.gen" threat was detected. Setup was blocked. I also downloaded the Vintyri symbols for Mapper 9. Again, no detection on the zipped file. But when scanned after unzipping, the same threat was detected.

The above did not happen a week ago when I downloaded these to my desktop computer.

Comments

  • False positives are extremely common. Often anti-virus software will simply flag any executable it doesn't recognize as being malware 'just in case'. When in doubt you can upload the file to something like VirusTotal, which will run like 100 scanners against the file. For false positives, often you'll see something like 99 find nothing, and 1 does.

    btw, this is one of the motivations behind FM9's new package system. It allows easy installation of symbols without having to run a program.

  • We'll look into this, but I doubt very much that there's a problem. Why? First of all, the Bogie and other Vintyri packages contain no executables. Second, because we run all our work through Malwarebytes, which here in Germany at least is widely rated as the best anti-malware program on the market. I'm referring here to the industrial grade version of Malwarebytes, for which we have to pay respectable annual fees, and not the smaller freeware version. I'm rather certain that this is just another of many false positive cases, as Ed has described above. I can't say anything about the Webroot program; this is the first I've heard of it.

  • I think it's likely a false positive as well. But it is persistent: scan the zipped file--nothing; extract the file and within seconds it's flagged as malware and the setup file is removed. And again, nothing of the sort happened when downloaded to the desktop about a week ago. I may try downloading the files again to the desktop to see if it's a Webroot action or localized to my laptop.

  • I redownloaded the files to my desktop. Scanned while zipped, no issue, scanned the setup file after unzipping and flagged for malware. I've turned in a ticket to Webroot to investigate a false positive.

  • We have tried to reproduce your issue but with no success. In the meantime, I'd suggest that you copy your desktop files over onto your laptop. There are no executable files in the group, so malware isn't an issue. The files are strictly PDF, PNG and JPG, all non-executable.

  • edited August 2023

    Yeah, that's what I ended up doing. It's really odd. Hopefully Webroot responds back.

  • Webroot responded back that they were false positives and that they have updated their software accordingly.

  • I'm impressed they got that turned around so quickly!
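
Added example, not part of the original thread or any poster's code: a Python sketch for triaging a download like the one discussed above, listing what a zip archive actually contains by leading "magic" bytes and giving a SHA-256 per member that can be looked up on a multi-scanner service. The archive contents and file names in `build_sample()` are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Leading bytes ("magic numbers") of the file types mentioned in the thread.
MAGIC = [
    (b"MZ", "windows-executable"),   # DOS/PE header used by .exe and .dll
    (b"%PDF", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]

def classify(data):
    """Classify content by its first bytes, ignoring the file extension."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def inventory(zip_source):
    """Return (name, kind, sha256) for every file inside the archive."""
    rows = []
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)  # reads the member into memory, nothing is executed
            rows.append((info.filename, classify(data),
                         hashlib.sha256(data).hexdigest()))
    return rows

def executables(rows):
    """Names of members whose content starts with a Windows executable header."""
    return [name for name, kind, _ in rows if kind == "windows-executable"]

def build_sample():
    """Constructed in-memory archive (hypothetical names, stub contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("symbols/tree.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        zf.writestr("docs/readme.pdf", b"%PDF-1.4\n")
        zf.writestr("setup.exe", b"MZ\x90\x00" + b"\x00" * 16)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    rows = inventory(build_sample())
    for name, kind, digest in rows:
        print(f"{kind:20} {digest}  {name}")
    print("executables:", executables(rows))
```

Pass a real path instead of `build_sample()` to inventory a downloaded archive; the per-member hashes let you check an individual flagged file without uploading the whole package.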
