2.6.0 Windows Installer is detected as PUA:Win32/Packunwan by Windows Defender #2517
Comments
I checked a bit further. It seems that it is only the installer that gets flagged, not the installed application itself afterwards.
The installer is created by WiX 3.14 and so is not directly in our control. We have seen AV products flag various installers or uninstallers in the past, through no fault of our own: xref #1608 on NSIS which is one reason we switched to WiX in #1620. It's not clear what could be done here without further information on where this signature is exactly and whether it's possible to avoid with WiX parameters. The theory would be that some actually malicious program used a WiX-built installer as part of itself and the AV signature looks at essentially the wrong thing, the WiX installer, and now flags any WiX-built installer?
I could not reproduce this on an up-to-date Windows. Maybe it was also something fixed in Microsoft Security. I will close this as even I cannot reproduce and no other people seem to have this issue.
Describe the bug
Windows Defender identifies the severe PUA:Win32/Packunwan threat for DrMemory-Windows-2.6.0.msi.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The installer should not raise red flags with Windows Defender.
Screenshots or Pasted Text
Versions
https://drmemory.org/page_download.html#sec_latest_build solve the problem? For some reason 2.6.0 gets flagged every time, but the latest build less often.