Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kopiaUI 0.15.0 version is treated as a Trojan by Windows Defender #3410

Closed
qh0814 opened this issue Oct 27, 2023 · 11 comments
Closed

kopiaUI 0.15.0 version is treated as a Trojan by Windows Defender #3410

qh0814 opened this issue Oct 27, 2023 · 11 comments
Assignees
@lupusA
Labels
question

Comments

@qh0814
Copy link

qh0814 commented Oct 27, 2023

When I use version 0.15.0, kopiaUI will be treated as a Trojan by Windows Defender.
I tried the following 2 installation methods
1.KopiaUI-0.15.0-win.zip
2.KopiaUI-Setup-0.15.0.exe
Windows Defender prompts this information:
kopia

However, if I use the previous version 0.14.1, there will be no such problem
@lupusA
Copy link
Contributor

lupusA commented Oct 27, 2023
edited
Loading

Hi,

this is strange. Can you check again:

https://www.virustotal.com/gui/file/f7a10aed8ac6efdc8862690b9c102cc6fc0117085a7435ebc96b9f5f6f6d97d5/detection
https://www.virustotal.com/gui/file/28f2d0ac7312ce11f3dc8eb304d9997ab108a9d0626cbbf7f40d52dd28546765
https://www.virustotal.com/gui/file/da9f431f15aaed6a680cdfb19cf8055cf901ee2be528e69dd1d4d58346fb461a

There was already a run for KopiaUI-0.15.0-win.zip. Potentially, you need to update your definition file. I think it is a false positive.

Cheers,

@qh0814
Copy link
Author

qh0814 commented Oct 27, 2023

Hi,

this is strange. Can you check again:

https://www.virustotal.com/gui/file/f7a10aed8ac6efdc8862690b9c102cc6fc0117085a7435ebc96b9f5f6f6d97d5/detection https://www.virustotal.com/gui/file/28f2d0ac7312ce11f3dc8eb304d9997ab108a9d0626cbbf7f40d52dd28546765 https://www.virustotal.com/gui/file/da9f431f15aaed6a680cdfb19cf8055cf901ee2be528e69dd1d4d58346fb461a

There was already a run for KopiaUI-0.15.0-win.zip. Potentially, you need to update your definition file. I think it is a false positive.

Cheers,

Thank you for your reply. I have checked again using the website you provided. The zip file and KopiaUI-Setup-0.15.0.exe are fine, but the problematic file is KopiaUI.exe, which is extracted from the zip file. All of these files are downloaded from releases.
https://www.virustotal.com/gui/file/047b3c461641b19e747a47c0f6019e36b15faf6b6179ac86df338545891b6d69/detection

@lupusA
Copy link
Contributor

lupusA commented Oct 27, 2023

Hi @qh0814,

i've run another check on kaspersky.

https://opentip.kaspersky.com/047B3C461641B19E747A47C0F6019E36B15FAF6B6179AC86DF338545891B6D69/results?tab=upload

It reported, that the file is clean. As the scanner on virustotal reported a hit, based on a heuristic, it is likely a false positive.

Cheers,

@qh0814
Copy link
Author

qh0814 commented Oct 27, 2023

Hi @qh0814, 你好 ,

i've run another check on kaspersky.我又对卡巴斯基进行了检查。

https://opentip.kaspersky.com/047B3C461641B19E747A47C0F6019E36B15FAF6B6179AC86DF338545891B6D69/results?tab=upload

It reported, that the file is clean. As the scanner on virustotal reported a hit, based on a heuristic, it is likely a false positive.据报道,该文件是干净的。由于virustotal 上的扫描仪报告了一次命中,根据启发式,这很可能是误报。

Cheers, 干杯,

Indeed, this might be a false positive, but this is really strange, the previous versions did not have this problem.

@lupusA lupusA self-assigned this Oct 28, 2023
@lupusA
Copy link
Contributor

lupusA commented Oct 28, 2023

Hi,

i've submitted the file to the microsoft defender team:
https://www.microsoft.com/en-us/wdsi/submission/86a9504a-11e9-4f00-96c8-97112cf7e610

We need to wait for their analysis.

Cheers,

@superbobdthm
Copy link

Just adding my +1 here.

I also had Windows Defender quarantine the KopiaUI.exe as Trojan:Win32/Wacatac.B!ml
I had been running v0.15.0 for several days before this started. I have fallen back to v0.14.1 and haven't had any issues since.

@lupusA
Copy link
Contributor

lupusA commented Oct 30, 2023
edited
Loading

Hi,

we got feedback from the Microsoft Defender Team:

Analysis

I will carry out their steps to create a log file for further analysis. Currently, they are not able to reproduce the detection.

Cheers,

@qh0814
Copy link
Author

qh0814 commented Oct 30, 2023

Hi,

we got feedback from the Microsoft Defender Team:

Analysis

I will carry out their steps to create a log file for further analysis. Currently, they are not able to reproduce the detection.

Cheers,

Thank you for your efforts on this🙂

@adatum
Copy link

adatum commented Oct 30, 2023
edited
Loading

Same issue with kopiaUI 0.15.0 installed with winget: https://www.virustotal.com/gui/file/047b3c461641b19e747a47c0f6019e36b15faf6b6179ac86df338545891b6d69/detection

kopia_trojan

@lupusA
Copy link
Contributor

lupusA commented Nov 1, 2023

Hi,

we have an answer from the microsoft defender team:
Analysis

It has been confirmed, that the file is not infected. Please download the latest definition file to prevent a false detection.
I am closing the issue now.

Cheers,

@lupusA lupusA closed this as completed Nov 1, 2023
@adatum
Copy link

adatum commented Nov 2, 2023

Hi,

we have an answer from the microsoft defender team: Analysis

It has been confirmed, that the file is not infected. Please download the latest definition file to prevent a false detection. I am closing the issue now.

Cheers,

Can confirm, kopiaUI 0.15.0 is no longer flagged by Microsoft Defender scans. Thanks!

@kachick kachick mentioned this issue Mar 23, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lupusA lupusA

Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@superbobdthm @adatum @qh0814 @lupusA