Windows Defender Gone Amok

[jlippey]

Just commenting...

Windows Defender claims that XYplorer.exe v16.5 is the Trojan: Win32/Fethar.B!cl. This is 64-bit Windows 10 Build 10586.164.

I excluded the folder and file from Defender's scan.

Am I the only one to see this?

[Edited to fix the XY version number.]

-Jerry

[highend]

v16.50.0200?

A false positive...

E.g.:
https://www.virustotal.com/en/file/6c0c ... 458775384/

[jlippey]

v16.50.0200?

Yes.

-Jerry

[RalphM]

It is a good idea to exclude XYplorer.exe as well as XYCopy.exe from all scanning in order to speed up file operations anyway.
An initial virus scan after the download should do the trick.
There have been other instances of false positives in the past.

[jlippey]

Peculiar I'm the only one reporting this. I was upgrading from v16.1, which didn't cause any trouble. I didn't get the alert immediately. That led me to believe an update to Defender's signatures might have been responsible.

I had long ago excluded the Processes. But that did not prevent the false positive. Seems to me it should.

-Jerry

[petersboulton]

Peculiar I'm the only one reporting this. I was upgrading from v16.1, which didn't cause any trouble. I didn't get the alert immediately. That led me to believe an update to Defender's signatures might have been responsible.

I had long ago excluded the Processes. But that did not prevent the false positive. Seems to me it should.

-Jerry

I get it too. First time in several years of running XYplorer.

Pete

[jlippey]

Had you just upgraded XY to v16.50.0200?

-Jerry

[petersboulton]

Had you just upgraded XY to v16.50.0200?

-Jerry

Yes. Not sure that's significant though - it's just the bytes sequence in 16.50.0200 which presumably triggers the false positive.

I have set an exclusion on the XYplorer folder. Unless Donald has suddenly turned or his machine has become infected, both of which seem >99.9% unlikely, I'm happy to run with this option.

Virustotal scores the risk at 1 engine out of over 50 so it seems a false positive is the explanation.

[admin]

1) Of course it's a false positive. (I'm not crazy)

2) I (and others here) have contacted Microsoft about it. I hope they fix it soon.

[admin]

Looks like MS has updated their thing. The case should be closed. At least for 16.50. I will probably have to do it again for 16.60...

2016-04-06_134053.png (14.14 KiB) Viewed 3564 times

Note: "xyplorer_full.zip.zip" contained xyplorer_full.zip, which again contained the other 2 files.

[ggonline]

got it too... Trojan:Win32/Fethar.B!cl
SAME FILE ... Installed a week earlier no problem, no warning on Windows 7 Pro x64 (user is admin and Windows Defender updated and running).

XYplorer version 17.00.0100

Windows 10 Pro x64
user is admin
Windows Defender version 1.227.95.0 (date= 2016-08-18)
surprisingly, I didn't need to reenter my registration/license code (it "remained" set).

links to other software reporting FALSE positive on Google Search.
https://www.google.com/search?q=Trojan% ... e&ie=UTF-8

[from another products user forum] To report your findings as false positive to the virus scanner companies. Procedures how to do this will differ. For Microsoft Defender use this page (Microsoft account is required): https://www.microsoft.com/en-us/securit ... ubmit.aspx

Windows Defender version and settings

2016-08-18 FALSE POSITIVE by Windows Defender for Troja_Win32-Fethar.B!cl.png (35.78 KiB) Viewed 3376 times

[Filehero]

No alerts on two machines over here.

W10_WDefender.png (8.38 KiB) Viewed 3369 times

Btw, the group the current user belongs to shouldn't matter at all.

FH

[admin]

I would have to hire somebody just for false positive reporting. The AV industry is a PITA we have to live with.

[petersboulton]

I would have to hire somebody just for false positive reporting. The AV industry is a PITA we have to live with.

Couldn't agree more. In any other field there would be recourse through the law for defamation. Their software is basically telling the world that your software is malicious. If that's not defamation, what is? Are there not clear financial consequences to you as a result?

In addition, these big av companies are completely impenetrable. Even if you are lucky enough to find an 'in', by the time anything happens either you have released a new version or they have.

And if the user is experienced enough to realise that it's 'probably' a false-positive, where's the assurance from running av? If it can find a false-positive surely the inverse is just as likely - i.e. missing an actual virus?

It completely sucks. And I wish there was some way to tackle the av industry on this issue. There doesn't seem to be. Sadly.

[ggonline]

Not a complaint, just FYI.

I am VERY HAPPY with XYplorer (should be built-in to the OS). Would buy it for everyone if I won the giant lottery

Just uninstalled, added file to Windows Defender exception list and reinstalled no alert/warning. (beware UNINSTALL may lose some settings, but I needed new start anyway and have backups).