xpra 4.0 wrongly detected as Trojan:Win32/Sprisky.D!cl #2781

Closed
totaam opened this issue May 28, 2020 · 5 comments
Collaborator

totaam commented May 28, 2020

Trojan:Win32/Sprisky.D!cl: This detection uses artificial intelligence (AI) to identify new and emerging malware. It is designed to catch threats with varied impact, including banking trojans, botnets, ransomware, cryptominers, and backdoors.

Microsoft, your AI needs work.

Collaborator Author

totaam commented May 28, 2020

2020-05-28 05:45:51: antoine uploaded file trojan-false-positive.png (104.8 KiB)

windows defender trying to be smart
Collaborator Author

totaam commented May 28, 2020

The false positive has been reported here: filesubmission.
Not much else we can do.
Users can install the "Client" builds, as those don't have the html5 client.

Funny that it's the html5 client that's triggering it this time.

@totaam totaam closed this as completed May 28, 2020
Collaborator Author

totaam commented May 29, 2020

Official response:

xpra-python3-x86_64_4.0.1-26379.zip
Submission ID: c525bd8e-01cc-44fb-9a46-ed0804f16fc0
Status: Completed
Submitted: May 28, 2020 11:40:53
User Opinion: Incorrect detection
Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

Collaborator Author

totaam commented Aug 25, 2022

And apparently again as Trojan:Win32/Spursint.Fclear!

Submission details
xpra-x86_64_setup.exe
Submission ID: 1efeb49c-5cc8-4585-98d9-b6904e92ab7a
Status: Submitted
Submitted by: [email protected]
Submitted: Aug 25, 2022 13:45:08
User Opinion: Incorrect detection

Collaborator Author

totaam commented Aug 25, 2022

Response for this latest report:

We cannot reproduce any detection on the file. If the detection is still observed, follow the steps below to capture support log files from the system reporting detection.

From an elevated command prompt, change to directory "%programfiles%\windows defender" and execute mpcmdrun.exe with option GetFiles:
cd "%programfiles%\windows defender"
mpcmdrun.exe -GetFiles

All created log files will be compressed into MPSupportFiles.cab. Please send us the detected file and MPSupportFiles.cab using https://aka.ms/wdsi. We will continue the investigation once we receive the support log files.
