Windows Defender and openmsx beta builds

Page 1/3
| 2 | 3

By Samor

Prophet (2054)

25-02-2020, 21:38

Hi,

It seems some recent OpenMSX builds from https://openmsx.fixato.net/ are detected by Windows Defender as "Trojan:Win32/Detplock".
I'm assuming it's a false positive, but the official release or earlier builds are not detected as such.
Just to let you know.

By Manuel

Ascended (17064)

25-02-2020, 22:42

Does it detect that in openMSX.exe?
Can you check when this started?

By FiXato

Scribe (1635)

25-02-2020, 22:48

I've manually scanned some of the latest x86 and x64 Windows builds from my site with both ESET NOD32 and Windows Defender for Windows 7 with its latest definitions, and neither found any threats.

Can you link specific downloads that are being flagged as threats, and tell us which version of Windows and Defender (should be under About Defender in the '?' dropdown menu?) you are using?

I've tested it with
Clientversion: 6.1.7600.16385
Engine version: 1.1.16800.2
Anti-spyware definitions: 1.311.4.0

By Vampier

Prophet (2357)

25-02-2020, 22:52

The virtual machine that builds openMSX is pretty much a headless setup whose only purpose is to build openMSX. As a precaution I have installed McAfee (Intel) antivirus (legit paid copy). I'm running a full scan of the system. Stinger Antivirus came back as negative.

By DamnedAngel

Master (187)

25-02-2020, 23:01

You guys probably have a personal/dev environment for building OpenMSX from source code. Why not build the executable in such secondary environments and compare the binary with the "official" build?

By DrWh0

Paladin (793)

25-02-2020, 23:08

I don't use installers, but zipped versions give a couple of false positives.

It is clearly a false positive in the 64-bit version:

https://www.virustotal.com/gui/file/7ee858b21c353d82e1bed5e1...

The 32-bit version is flagged as a supposed adware, Ammonetize (but that does not make sense given the nature of the malware):

https://www.virustotal.com/gui/file/b49e2e2dbb89059a1360adf7...

Edit:

I would like to mention that Windows Defender has many false positives, especially with their "detected" virus.

Other programs are affected too:

https://github.com/typora/typora-issues/issues/2809

By sdsnatcher73

Paragon (1201)

26-02-2020, 02:07

I have been building openMSX for Windows myself since the build for openMSX.dev was behind a while back, but I did not get any detection by Windows Defender. I will run a manual scan and compare my build to the download as well...

By sdsnatcher73

Paragon (1201)

26-02-2020, 03:12

My build 661 passes a manual scan whilst the download of the 661 zip from openmsx.dev is blocked on my machine. I build on Windows using Ubuntu via WSL (Windows Subsystem for Linux). I installed the Ubuntu app from the Microsoft Store.

Then inside that Ubuntu I installed the required packages for building (tcl is needed because the openMSX build runs a tclsh command but can't run it from what it just built under the active environment):
sudo apt install mingw-w64 gcc make tcl

You have to tell mingw-w64 to use POSIX threads by running these 4 commands:
sudo update-alternatives --config i686-w64-mingw32-gcc
sudo update-alternatives --config i686-w64-mingw32-g++
sudo update-alternatives --config x86_64-w64-mingw32-gcc
sudo update-alternatives --config x86_64-w64-mingw32-g++
Choose option 1 for each...

My build command is then:
make OPENMSX_TARGET_CPU=x86_64 OPENMSX_TARGET_OS=mingw-w64 OPENMSX_FLAVOUR=opt staticbindist

Finally to 'install' the build:
cp -RvP derived/x86_64-mingw-w64-opt-3rd/bindist/install/* /mnt/c/Program\ Files/openMSX.dev/
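
The comparison proposed earlier in the thread (a locally compiled build against the downloaded one), as an added example that is not part of the original posts: it hashes every file in two unpacked build trees with SHA-256 and reports which files differ or exist on only one side. The directory names in the usage comment are placeholders, and a hash mismatch between two independently compiled binaries is expected unless the build is reproducible, so the report shows where the trees diverge, not whether either one is malicious.

```bash
#!/usr/bin/env bash
# Added example: compare two unpacked build trees file by file with SHA-256.

# Print "path<TAB>sha256" for every regular file under directory $1.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) |
        awk '{ print substr($0, 67) "\t" substr($0, 1, 64) }'
}

# Report SAME / DIFF / ONLY_A / ONLY_B per file; return 0 only if all are SAME.
compare_builds() {
    local ma mb report
    ma=$(mktemp)
    mb=$(mktemp)
    manifest "$1" > "$ma"
    manifest "$2" > "$mb"
    report=$(awk -F'\t' '
        FILENAME == ARGV[1] { a[$1] = $2; next }
        {
            seen[$1] = 1
            if (!($1 in a))       print "ONLY_B\t" $1
            else if (a[$1] != $2) print "DIFF\t" $1
            else                  print "SAME\t" $1
        }
        END { for (p in a) if (!(p in seen)) print "ONLY_A\t" p }
    ' "$ma" "$mb" | sort)
    rm -f "$ma" "$mb"
    printf '%s\n' "$report"
    [ -z "$(printf '%s\n' "$report" | grep -v '^SAME')" ]
}

# Usage (directory names are placeholders):
#   compare_builds ./my-build ./downloaded-build
if [ "$#" -eq 2 ]; then
    compare_builds "$1" "$2"
fi
```
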

By sdsnatcher73

Paragon (1201)

26-02-2020, 08:59

Here is a download link with my 661 build,

By Vampier

Prophet (2357)

26-02-2020, 17:18

I ran 2 scans on the whole computer - 0 problems.

By sdsnatcher73

Paragon (1201)

26-02-2020, 18:55

Vampier wrote:

I ran 2 scans on the whole computer - 0 problems.

Well you mentioned you use McAfee, which is of course different from Windows Defender. Do you build with Visual Studio? I suspect it might add some info that triggers Windows Defender, info that is not in the mingw build.
