ZRatings v3.2 released

zybex:
After Defender started flagging ZRatings again as malware, I submitted a 'bad detection' report to Microsoft. They've now confirmed that it's safe:
https://www.microsoft.com/en-us/wdsi/submission/6e4605b1-b71a-454c-9573-96bb00e8dfe0

"Analyst comments:
At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. "

I hope this alleviates concerns some of you may have had :)

EDIT: Apparently the link above only works on my Microsoft account. I attached the page below.

arcspin:
Great to hear, cause this was getting annoying to say the least.
I still get a false positive, today at 10.09 a.m., so it might take some time for the updates to be pushed out.

This is what Windows thinks it is:
"Trojan:Win32/AgentTesla!ml"



To prevent Defender from finding the false positive on the next search, I delete the Detection History folder per the instructions below:
(I don't know if that is necessary but I do it anyway)

"""
Windows Defender is defaulted to scan its own "Scans/History". Resulting in the discovery of the malware over and over again.
Even though, other scanners see no evidence of the malware on the PC. It doesn't exist!

Until Microsoft sees fit to fix this problem, you can prevent the repeating error indication, by deleting the items that are described in Windows Defender Protection History.
You can delete them by accessing their files, that are located in C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service.
In the "Service" folder, find and delete "Detection History".

Note: ProgramData is a hidden file. In order to access it, the "Hidden Items" option in "File Explorer" must be checked.
Find the "Hidden Items" check box under the "View Tab".
And, the first time that you access "Scans", you must select "continue", to obtain the permission.
"""

Here's the link:
https://answers.microsoft.com/en-us/protect/forum/all/windows-defender-identifies-the-same-pup-as-a/63f17794-3815-4784-b9cd-c6059c8e0828




Thanks for keeping ZRatings up and running!

Best wishes,

zybex:
Thanks Arcspin,
Here's a couple of alternative methods to stop the nagging:

1. Add the ZRatings.exe file (or folder) to Defender's exclusion list:
Virus & Threat Protection -> Manage Settings -> Add Or Remove Exclusions -> Add An Exclusion -> select the ZRatings file or folder

2. After ZRatings.exe is detected and quarantined, tell Defender to allow and whitelist the file:
Virus & Threat Protection -> Protection History -> click on ZRatings "threat" -> select Action: "Allow" to restore and whitelist the file

Unfortunately it's likely that each new version I publish will follow the same pattern :(

zybex:

--- Quote from: arcspin on December 28, 2021, 03:21:16 am ---This is what Windows thinks it is:
"Trojan:Win32/AgentTesla!ml"

--- End quote ---

The "!ml" at the end means "Machine Learning". It means the detection is not of an exact known virus, but instead is just based on a probability of this file being a virus when compared to the behavior/patterns of other known viruses. The ML method is still IMHO extremely error prone and unreliable and flags way too much stuff simply because the file is not signed by one of the major publishers. I tend to disregard almost all detections of this type (after some due diligence).
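
Added example, not part of any post in this thread and not ZRatings code: a small parser that splits Defender detection names into the Type:Platform/Family.Variant!Suffixes layout Microsoft documents and sorts a batch by whether it carries the "!ml" suffix discussed above. Apart from the name quoted in the thread, the sample names are constructed, and the function and bucket names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Microsoft's documented layout: Type:Platform/Family.Variant!Suffixes
NAME_RE = re.compile(
    r"^(?P<type>[^:/!]+):(?P<platform>[^/!]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<variant>[^!]+))?(?P<suffixes>(?:![^!]+)*)$"
)

@dataclass(frozen=True)
class Detection:
    type: str
    platform: str
    family: str
    variant: Optional[str]
    suffixes: Tuple[str, ...]

    @property
    def is_ml(self) -> bool:
        # "!ml" marks a machine-learning verdict, as explained in the post above
        return "ml" in self.suffixes

def parse_threat_name(name: str) -> Optional[Detection]:
    """Parse one detection name; return None if it does not fit the layout."""
    m = NAME_RE.match(name.strip().strip('"'))
    if m is None:
        return None
    suffixes = tuple(s.lower() for s in m["suffixes"].split("!") if s)
    return Detection(m["type"], m["platform"], m["family"], m["variant"], suffixes)

def triage(names):
    """Group names into ML-based, other, and unparseable entries."""
    buckets = {"ml": [], "other": [], "unparsed": []}
    for raw in names:
        det = parse_threat_name(raw)
        if det is None:
            buckets["unparsed"].append(raw)
        else:
            buckets["ml" if det.is_ml else "other"].append(det.family)
    return buckets

# First name is the one quoted in the thread; the rest are constructed samples.
SAMPLES = [
    '"Trojan:Win32/AgentTesla!ml"',
    "Trojan:Win32/ExampleFamily.A",
    "PUA:Win32/ExampleTool.B!ml",
    "not a detection name",
]

if __name__ == "__main__":
    print(triage(SAMPLES))
```

Names that land in the "ml" bucket are the ones to check by hand before adding an exclusion or allowing the file.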

JimH:

--- Quote from: zybex on December 28, 2021, 03:06:14 am ---After Defender started flagging ZRatings again as malware, I submitted a 'bad detection' report to Microsoft. They've now confirmed that it's safe:
https://www.microsoft.com/en-us/wdsi/submission/6e4605b1-b71a-454c-9573-96bb00e8dfe0

"Analyst comments:
At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. "


--- End quote ---
No apology?
