INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Microsoft Security Problems  (Read 2874 times)

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72534
  • Where did I put my teeth?
Microsoft Security Problems
« on: May 30, 2024, 02:48:21 am »

Starting around the beginning of 2024, we've seen far more "false positive" problems with Windows Defender.  Here are some things you can do to help.

Download New Definitions from Microsoft
https://www.microsoft.com/en-us/wdsi/defenderupdates

(Windows Defender is also called Microsoft Defender)

Submit a file to Microsoft
https://www.microsoft.com/en-us/wdsi/filesubmission

Configure Windows Defender
https://yabb.jriver.com/interact/index.php/topic,114101.0.html

You can upload a file here to get a report from multiple antivirus programs
https://www.virustotal.com/gui/home/upload
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72534
  • Where did I put my teeth?
Re: Microsoft Security Problems
« Reply #1 on: May 30, 2024, 02:51:54 am »

Please report what you find.  Both problems and solutions.  Please include the full version of MC.  32.0.56, for example.
Logged

comox

  • Galactic Citizen
  • ****
  • Posts: 428
Re: Microsoft Security Problems
« Reply #2 on: May 30, 2024, 11:16:57 am »

I never use MC's update feature. I always manually download updates with Edge.

For many months, every time I click the download link I am warned that the MC exe "could harm my device" and I have to click the Keep button.

Then when I run the exe another warning pops up that "Windows protected your PC" and I have to click More Info, then Run Anyway.

I'm an old timer so don't care and trust JRiver but for potential new customers I suspect this harms sales.

P.S. I keep my system perfectly up to date.
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7886
  • Long cold Winter...
Re: Microsoft Security Problems
« Reply #3 on: May 30, 2024, 11:25:56 am »

Edge is pretty bad not allowing MC downloads at the moment due to how integrated it is with Defender. The second popup is the SmartScreen feature (which is also integrated in Edge), usually it tends to pop up until a file has been out in the wild for a bit.

What baffles me a little bit is that MC's files have a digital signature using a certificate they bought (you can see this signature when right clicking on .exe and .dll files in MC's install directory). The really weird thing to me is how slowly Microsoft has been at trusting the certificate. It also baffles me a little that it seems to flag specific files as false positives, I believe it was JRWeb.exe or JRWorker.exe when I last encountered this. My first thought was maybe it's some sort of EXE packer/compression used on the executables themselves or the installer (UPX is a known example of a EXE packer) but now I'm not so sure.

My other thought is, is it the installer or is it the file(s) (like JRWeb.exe and JRWorker.exe, etc.) themselves triggering the false positive? If it's the files, maybe it's something about the name doing it?
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

comox

  • Galactic Citizen
  • ****
  • Posts: 428
Re: Microsoft Security Problems
« Reply #4 on: May 30, 2024, 11:30:20 am »

Edge is pretty bad not allowing MC downloads at the moment due to how integrated it is with Defender. The second popup is the SmartScreen feature (which is also integrated in Edge), usually it tends to pop up until a file has been out in the wild for a bit.

What baffles me a little bit is that MC's files have a digital signature using a certificate they bought (you can see this signature when right clicking on .exe and .dll files in MC's install directory). The really weird thing to me is how slowly Microsoft has been at trusting the certificate. It also baffles me a little that it seems to flag specific files as false positives, I believe it was JRWeb.exe or JRWorker.exe when I last encountered this. My first thought was maybe it's some sort of EXE packer/compression used on the executables themselves or the installer (UPX is a known example of a EXE packer) but now I'm not so sure.

I install a lot of software updates on a regular basis and only see this problem with JRiver so it's something unique to JRiver.
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7886
  • Long cold Winter...
Re: Microsoft Security Problems
« Reply #5 on: May 30, 2024, 11:39:50 am »

I do have a theory potentially. Looking back at my forum posts from when it first started happening, it seems to be the JRWeb.exe file triggering it. Maybe they're simply flagging it on the name instead of some heuristics? Does JRWeb sound like some sort of trojan or something?

It still baffles me that a file digitally signed with a valid certificate could be constantly flagged as malware, even after it's been reported as a false positive multiple times.
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72534
  • Where did I put my teeth?
Re: Microsoft Security Problems
« Reply #6 on: May 30, 2024, 11:44:51 am »

Yes.
Logged

zybex

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 2674
Re: Microsoft Security Problems
« Reply #7 on: May 30, 2024, 03:16:05 pm »

For many months, every time I click the download link I am warned that the MC exe "could harm my device" and I have to click the Keep button.
Then when I run the exe another warning pops up that "Windows protected your PC" and I have to click More Info, then Run Anyway.

This is how their system tracks app reputation. After many people click the "run anyway", the file become trusted. Sometimes.

Logged

Manfred

  • Citizen of the Universe
  • *****
  • Posts: 1038
Re: Microsoft Security Problems
« Reply #8 on: May 31, 2024, 05:57:39 am »

Quote
This is how their system tracks app reputation. After many people click the "run anyway", the file become trusted. Sometimes.
I had the same problem some time ago.  After clicking the "run anyway" it has never appeared again.
Logged
WS (AMD Ryzen 7 5700G, 32 GB DDR4-3200, 8=2x2+4 TB SDD, LG 34UC98-W)-USB|ADI-2 DAC FS|Canton AM5 - File Server (i3-3.9 GHz, 16GB ECC DDR4-2400, 46 TB disk space) - Media Renderer (i3-3.8 GHz, 8GB DDR4-2133, GTX 960)-USB|Devialet D220 Pro|Audeze LCD 2|B&W 804S|LG 4K OLED )

EnglishTiger

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 1115
Re: Microsoft Security Problems
« Reply #9 on: May 31, 2024, 10:09:03 am »

Along with MC32.exe AVG Internet Security also gets suspicious of JRService.exe, JRWeb.exe and JRWorker.exe. To get around AVG's dislike of MC32.exe I suspend it for 10 minutes while I install a new version of MC32 and start it running. Although it also gets suspicious of the 3 JRxxxx.exe files AVG's inbuilt analysis routines cut in when 1 of them is activated and in less than 30 secs declares them safe; it also submits the relevant.exe and it's findings to AVG Labs. The same happens for both MC32.exe and the 3 JRxxxx.exe files the next 2 times I open MC32 as either client or server. One thing I have noticed though is for the last 5 updates AVG has not been suspicious of JRService.exe.

I'm guessing that AVG Internet Security on the Mac works in a very different way because it has never found anything wrong when downloading, installing or running MC32 on the Mac Mini.
Logged
Apple Mac Mini Desktop Computer with M4 Pro chip with 12 core CPU and 16 core GPU: 24GB Unified Memory, 512GB SSD Storage, Gigabit Ethernet, 3 Thunderbolt5 + 2USBC ports.

comox

  • Galactic Citizen
  • ****
  • Posts: 428
Re: Microsoft Security Problems
« Reply #10 on: May 31, 2024, 11:11:26 am »

Along with MC32.exe AVG Internet Security also gets suspicious of JRService.exe, JRWeb.exe and JRWorker.exe.

I remember being very suspicious of those too when I started to use JRiver. I've never seen a description of what they do.
Logged

Hendrik

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 10968
Re: Microsoft Security Problems
« Reply #11 on: May 31, 2024, 02:49:52 pm »

I remember being very suspicious of those too when I started to use JRiver. I've never seen a description of what they do.

JRWeb is used to host the web browser for any views that show a website. Web Browsers should generally be sandboxed into their own process for security and stability - and thats what JRWeb does.
JRWorker primarily performs video import and thumbnailing, so it doesn't bog down MC itself. It has some other tasks like dealing with some handheld devices as well, but thats much more niche.
JRService is a light-weight system service that handles some remote control functions that require a system-wide component to intercept. From all those here, its probably the most niche.
Logged
~ nevcairiel
~ Author of LAV Filters

comox

  • Galactic Citizen
  • ****
  • Posts: 428
Re: Microsoft Security Problems
« Reply #12 on: May 31, 2024, 09:05:04 pm »

Thank you Hendrik.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72534
  • Where did I put my teeth?
Re: Microsoft Security Problems
« Reply #13 on: June 01, 2024, 12:39:50 am »

JRWeb is used to host the web browser for any views that show a website. Web Browsers should generally be sandboxed into their own process for security and stability - and thats what JRWeb does.
JRWorker primarily performs video import and thumbnailing, so it doesn't bog down MC itself. It has some other tasks like dealing with some handheld devices as well, but thats much more niche.
JRService is a light-weight system service that handles some remote control functions that require a system-wide component to intercept. From all those here, its probably the most niche.
Added a link to your post on the wiki here:
https://wiki.jriver.com/index.php/JRWeb
Logged

mpffffhhhh

  • Recent member
  • *
  • Posts: 26
Re: Microsoft Security Problems
« Reply #14 on: June 01, 2024, 07:14:42 am »

interesting, i never had any problems with jriver updates.
w10, always up to date
Logged
Pages: [1]   Go Up