Last FlexCel VCL Flagged As A Trojan...

Hi,


I'm setting up a new machine after a catastrophic hard-drive failure. I tried to download the TMS components. Most were OK but the latest VCL version of FlexCel was flagged by Windows Defender as containing a Trojan virus. I assume this is a false positive but I thought I'd let you know.

Also, I've now changed to Panda Security and cannot download the setup due to the 1 download per day policy. Any chance you can send me another link or reset the count?

Thanks,

Steve

The issue with Defender must be a false positive. Unfortunately, these incorrect detections by Defender happened before and apparently keep happening.

We did reset the download counter, so you should be able to download again.

This is strange: we've had 2 other users reporting Windows Defender flagging it as a trojan (Foretype.A!ml), but we couldn't see it in any of our machines, and it is not widespread or we would have thousands of reports from users by now.

We've checked the version of the virus definition files with the machines that had the problem, and they were the same version, so I don't know why Defender is acting differently in some machines. In fact, those users could get the download by using a different machine with similar settings.

For what it is worth, I’ve googled the specific virus warning (I am not sure if it is the same you got), and it seems to be a false positive related to the innosetup installer:
https://forum.vivaldi.net/topic/31365/solved-trojan-script-foretype-a-ml-after-installing-download-from-official-site-likely-false-alarm

And looking at history, this specific warning does pop up from time to time (we had also another report in 2018 from the FlexCel .NET setup). As there is little in common between the binaries in FlexCel VCL and FlexCel .NET, it is likely that this is indeed related to the innosetup installer which is shared by both. I still don't know why some machines show the warning and most don't.

While we know it is a false positive, you can never be too paranoid in this stuff, so we uploaded the setup to virustotal, and you can see the results here:
https://www.virustotal.com/gui/file/6046135a3466be599c6c35ea3a0217f6d373a5f3bab4c2b58a543de8362480bf/detection

As you can see in the list, "Microsoft" shows as clean in virustotal, but not on some machines like yours. In the "Details" tag in that page you can see the SHA1 of the file we uploaded. Just to be 100% sure, when you get the latest version, you can check that the SHA1 is the same, or upload it yourself to virustotal.

About resetting the download count, well, before posting I had to reload the page, and now I see Bruno already did that :)
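
The hash check suggested in the post above, as an added example that is not part of the original thread or TMS's own tooling. It relies on the fact that the 64-hex-character identifier in a VirusTotal file report URL is the file's SHA-256; the installer path is a placeholder you must replace.

```powershell
# Added example: compare a downloaded installer with the file scanned in a
# VirusTotal report. The default -Path is a placeholder (assumption), not a
# path taken from the thread.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\setup.exe",
    [string]$ReportUrl = 'https://www.virustotal.com/gui/file/6046135a3466be599c6c35ea3a0217f6d373a5f3bab4c2b58a543de8362480bf/detection'
)

function Get-HashFromReportUrl {
    param([string]$Url)
    # The /gui/file/<id>/ segment of a file report is the SHA-256 of the file.
    if ($Url -match '/gui/file/([0-9a-fA-F]{64})(/|$)') {
        return $Matches[1].ToLowerInvariant()
    }
    throw "No SHA-256 found in report URL: $Url"
}

function Test-InstallerHash {
    param([string]$FilePath, [string]$ExpectedSha256)
    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        throw "File not found: $FilePath"
    }
    $sha256 = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash.ToLowerInvariant()
    $sha1   = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA1).Hash.ToLowerInvariant()
    [pscustomobject]@{
        File     = $FilePath
        SHA256   = $sha256
        SHA1     = $sha1          # compare with the SHA-1 shown on the report's Details page
        Expected = $ExpectedSha256
        Match    = ($sha256 -eq $ExpectedSha256)
    }
}

$expected = Get-HashFromReportUrl -Url $ReportUrl
$result   = Test-InstallerHash -FilePath $Path -ExpectedSha256 $expected
$result | Format-List

if (-not $result.Match) {
    Write-Warning 'Hash mismatch: this file is not the one scanned in the report.'
}
```

A mismatch can also mean you downloaded a newer build than the one that was uploaded; in that case upload your copy to VirusTotal yourself, as the post suggests.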

Thanks for the reset - installing as I type!


Steve

Same here. How did you go over the defender?

Installed Panda Security which disabled Windows Defender


Steve

I think that besides installing a different av, you should be able to temporarily disable the real-time av protection:

https://support.microsoft.com/en-au/help/4027187/windows-10-turn-off-antivirus-protection-windows-security

Thx again Adrian, worked.

Any chance that MS fix its virus signatures?

> Any chance that MS fix its virus signatures?

I don't really know, it is not on us. The strange part is that I don't see it here in a fully up-to-date Win10 machine, and most customers don't see it either (or we would be flooded with support mails about it), but some users, with apparently the same Windows settings, are seeing it. So I am not really sure how it can be different in 2 machines with the same Windows installed.