Windows 10 is detecting Malware in the code base

[sgcitinnov]

• Operating system: Windows 10
• Pencil version: Latest build

Today I cloned the code base to find that Windows Defender is reporting the existence of a Win32/Varpes variant: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aWin32%2fVarpes.M!cl&threatid=2147708972&enterprise=0

Really puts me off using Pencil - which otherwise looks great.

[ernestoamg]

same here, downloaded directly from the website.

[mbrainiac]

Those are false positives.

Atom has some false positives, too: atom/atom#3927
And Electron: electron/electron#4485

https://virustotal.com/en/file/aaa73a47bdbad46bc2e725f56aa44e6f5605219d5e726b9f9d9ced9077a66534/analysis/

[ernestoamg]

You submitted this file version: 3.0.0-rc.1.4, where con we download that one?

[mbrainiac]

@ernestoamg It's Pencil 3.0.0-rc.1 :)

[dgthanhan]

@ernestoamg Yes, it's the latest rc1 EXE installer available at:
https://github.com/evolus/pencil/releases/download/v3.0.0-rc.1/Pencil-Setup-3.0.0-rc.1.exe

$ sha256sum Desktop/Pencil-Setup-3.0.0-rc.1.exe
aaa73a47bdbad46bc2e725f56aa44e6f5605219d5e726b9f9d9ced9077a66534 Desktop/Pencil-Setup-3.0.0-rc.1.exe

[sgcitinnov]

Thanks to all for the quick feedback on this one. Clearly its up to you guys in terms of what you do about this issue. I work in a research organisation on a PC that has components of the OS managed for me (such as security). Due to this problem I won't be able to use the latest version of Pencil since the OS shuts Pencil down. This is just one user story - I add it just for information.

In the meantime, keep up the good work! I'll be back using Pencil as soon as I can.

[gigios]

I have downloaded the last RC version but the problem is still present.

[leoguzmo]

Same problem @gigios @sgcitinnov

[RonR-WebDesign]

Same problem with 3.0.0-rc.1. Above this shows that this is closed. Is that fixed in file version: 3.0.0-rc.1.4? If so, where is that and why isn't it the latest download?

[dgthanhan]

The closed one is the #85 which is a duplication of this, not this one. The way github is showing information of related issues seems to cause to much confusion.

[RonR-WebDesign]

This is where we are confused. Marking an issue Closed sounds like the issue is fixed.

[deserted]

This ticket isn't closed RonR, scroll up top and note the green "Open" to confirm, tickets #85 and #111 have both been closed as duplicates of this ticket.

[larvanitis]

I think the problem is with a single vendor and as such you should report the false positive to Microsoft so they can whitelist it or something.

see https://www.microsoft.com/en-us/security/portal/submission/submit.aspx

[eadafm]

Symantec Endpoint Protection has quarantined it here too so it would appear not to be a single vendor issue.

[silkentrance]

Disabling Windows defender does the trick or just allow exceptions from the rule.