INTERACT FORUM
More => Old Versions => JRiver Media Center 18 for Windows => Topic started by: pschom on May 02, 2013, 09:36:28 am
-
Hi, when I tried to install JMC18 I received a virus warning from Trend Micro for "HEU_AEGISCS010". This happened the second time I tried to install too. I wonder if this is a false warning or if the download was corrupted?
Thanks, Paul
Details:
Date/Time Threat Source Affected Files Response Detected By
4/28/2013 15:36 HEU_AEGISCS010 Threat C:\Users\Paul\AppData\Local\Temp\7zSE3FA.tmp\Install.exe Removed Real Time Scan
4/28/2013 15:36 HEU_AEGISCS010 Threat c:\windows\system32\mc18.exe Removed Real Time Scan
-
Did you download it from the top of the board or from another website?
If from another site, try downloading it from this board, a sticky post contains the latest build.
-
I downloaded it from: : http://wiki.jriver.com/index.php/Upgrade_to_MC18
-
Just to be sure, try this one:
http://files.jriver.com/mediacenter/channels/v18/latest/MediaCenter180177.exe
I downloaded it myself just now, and scanned it. Its free of viruses according to Microsoft Security Essentials. I believe if it still gives a warning on your end, its either a false positive or you're already infected with something.
-
I tried that and still receive a warning:
Threat: HEU_AEGISCS010
Source: Threat
Affected Files: C:\Users\Paul\AppData\Local\Temp\7zSC…\Install.exe
Response: Removed
Detected By: Real Time Scan
It appears to be part of the installation download and not on my PC.
Thanks, Paul
-
Its most likely a false positive and if you're certain your pc is free you can ignore the message. Just disable the antivirus temporarily.
I've not looked into the specific virus you listed (you can google it yourself to get more info about this particular warning). Its unlikely, but there is a possibility that there is something already on your pc. Some viruses/trojans/etc morph when they replicate and could possibly be detected by heuristic scanners in one form and not in the other. I admit though its not likely and you're probably safe to ignore the message.
Do have a look at the weird and wonderful thread too, it contains quite a few issues with virus scanners.
-
Please report the problem to Trend Micro.
-
JRiver can report:
http://esupport.trendmicro.com/solution/en-us/1037634.aspx (http://esupport.trendmicro.com/solution/en-us/1037634.aspx)
-
We could, but I don't think it's our job. It's Trend Micro's problem, and their customers' problem. We're third in that chain.
It's a little like the SPAM services. I get several e-mails a day from people who received an e-mail from JRiver, telling us that:
"I apologize for the inconvenience, but I now receive so much spam that I use the Terrific Spamerific e-mail service. Please reply to this e-mail in order to open up access for your future e-mails."
So their spam problem has just become my spam problem. You can guess what happens to the e-mail.
-
When I was about seven or eight, I stepped over a piece of trash at home. My grandmother from my father's side (who was a bit unrefined) gave me a quick rap to the back of the head, and said "Pick it up." Of course, I replied that it wasn't mine and I didn't do it. She instructed essentially that she understood that, but that I should pick it up anyway since it really wouldn't cost me anything, and more importantly because it was the right thing to do.
-
So you're feeling the need to report to Trend Micro?
-
JRiver stands to lose out on revenue due to people not installing it because of this false positive. As the manufacturer, I'd think it in your best interest to take the bull by the horns in regards to making sure your software is not reported by reputable and widely used vendors as a virus.
Also, this is not per se a Trend problem. Based on the information above, it is not picking up MC as a virus, rather it is exhibiting virus like behavior. Their Heuristics engine watches for certain behavior, and tags it as suspect, even if there is no current virus signature attached to it. This is done to protect against zero day viruses and such. There may be issues with how the install is making calls, that cause this problem, and Trend may advise you on how you can fix... Or, Trend could add you to a whitelist of sorts..
Regardless, JRiver should want to make it as convenient as possible for customers, and future customers, to install their software...
It's not like Trend isn't a popular virus scanning program.
-
Our responsibility is to provide great software and help you get it put to use. The OS and the hardware and all the bits you put on it are yours.
I know that sounds a little severe. I'm sorry.
And no, I don't think making AV companies look better will sell more of our software.
-
In parry, one might say your responsibility is to maximize profits for your employees well-being and livelihood. Your commitment is to provide great software...
Touché ? :-)
-
Doesn't sound severe. Just bad business decision making. If you are fine with lost revenue because you didn't want to work with well known vendors to make sure your software installed without problems, then more power to ya.
If I were a business owner, I'd do whatever I could to make sure my customers and future customers had the easiest possible time trying out my products. I know you can't account for every possible issue, but like said, Trend is not a small time mom and pop shop. Many many people use their product, and you stand to lose business if you refuse to work with them to find a solution.
-
There are probably 500 well known vendors we or our customers run across. We can't take responsibility for keeping them all in shape.
Usually this kind of problem is fixed within a couple of days.
-
... one might say your responsibility is to maximize profits ...
I don't agree. High quality is the main goal. All else follows if we provide that.
-
I will contact Trend. I will stick with MC17 until this is worked out. Thanks!
-
I'm slack - I've had this issue with Trend for about 5months blocking the "Install.Exe" from running as part of the install. I did report it but it then got all to hard during the toing and froing (the help desk rep did not seem to believe me that it was a good thing). The path of least resistance is that I disable Trend during each upgrade. It only happens for me with the PC running the latest release of Trend Micro Titanium Internet Security, the other PC run last years version and they are fine.
-
I just checked it at VirusTotal and it scans clean (https://www.virustotal.com/en/file/fc240e4fc0dfb5225f1f47b3ce1f5a551acc15afb3e4c0c333f30f9e142357f8/analysis/1367527706/). TrendMicro has fixed the false positive (at least with the signature file VirusTotal is using).
This happens with security software. It's not JRiver's fault and not something they should chase. It's TrendMicro's problem. Not JRiver's.
-
I don't think I've ever actually had anything but false positives from virus scanners - and the last time I got anything was years back when Microsoft Security Essentials was giving me a false positive for the AnyDVD installer (either that or it was ReClock/Virtual Clone Drive - I forget)
-
This reminds me of a situation in the corporate environment a few years ago. Was getting false positives with a particular vendors virus scanner on a custom exe. Got the exe white-listed for this virus scanner and fixed the issue, but warned the developers that something needs to be done with the exe. Sure enough about 4 weeks later all the other major vendors updated their heuristics which caused the particular exe to be quarantined and caused a major outage. Food for thought.
-
This reminds me of a situation in the corporate environment a few years ago. Was getting false positives with a particular vendors virus scanner on a custom exe. Got the exe white-listed for this virus scanner and fixed the issue, but warned the developers that something needs to be done with the exe. Sure enough about 4 weeks later all the other major vendors updated their heuristics which caused the particular exe to be quarantined and caused a major outage. Food for thought.
I think you're suggesting we may be doing something wrong in the installer, and I don't believe that's accurate.
Our install procedure is simple, transparent, uses a signed executable, and has been fire tested over many years by many users.
-
I think you're suggesting we may be doing something wrong in the installer, and I don't believe that's accurate.
Our install procedure is simple, transparent, uses a signed executable, and has been fire tested over many years by many users.
Not at all. I am saying a false positive may only be a one-off or could replicate to other virus scanner vendors if they impement the same heuristics, depending on what "pattern" it is detecting.