The International Simutrans Forum

Simutrans Extended => Simutrans-Extended development => Topic started by: Rollmaterial on December 23, 2017, 07:30:22 PM

Title: Makeobj-Extended and Windows Defender
Post by: Rollmaterial on December 23, 2017, 07:30:22 PM
Windows Defender now suddenly considers the Makeobj-Extended binary from the Bridgewater-Brunel server a severe security threat and quarantines it instantly. Which one is at fault?
Title: Re: Makeobj-Extended and Windows Defender
Post by: jamespetts on December 23, 2017, 07:54:02 PM
Quote from: Rollmaterial on December 23, 2017, 07:30:22 PM
Windows Defender now suddenly considers the Makeobj-Extended binary from the Bridgewater-Brunel server a severe security threat and quarantines it instantly. Which one is at fault?

I do not know how Windows Defender works, so it is very hard to tell. I do not know whether Makeobj-Extended has some memory leak or similar that might be triggering the warning? I do not generally check for this, as a memory leak in makeobj makes little difference in practice.
Title: Re: Makeobj-Extended and Windows Defender
Post by: DrSuperGood on December 24, 2017, 12:54:00 AM
Quote
I do not know how Windows Defender works, so it is very hard to tell. I do not know whether Makeobj-Extended has some memory leak or similar that might be triggering the warning? I do not generally check for this, as a memory leak in makeobj makes little difference in practice.
Likely Windows Defender uses a heuristic algorithm to detect malicious-like code. It is possible that a small part of the binary triggers the detection for a piece of malicious software that was freshly added to its database. Solving it could be as simple as making enough changes so the detection no longer triggers.

If it is a warning, one can tell it to ignore it from a user perspective. Depending on the program features of the antivirus, one can even add that sort of file to exclusions.

Another, more permanent, way to solve this is to sign the executable with an asymmetric cryptographic key authorised by some cryptographic provider. Instead of Windows 10 saying the executables may be unsafe and requiring one to press "more" to run them, they would come up with a proof of authenticity prompt before continuing. Such prompts are seen when installing all reputable software such as products from Microsoft, Adobe, NVIDIA, AMD, Intel, Google, Oracle, etc.
Title: Re: Makeobj-Extended and Windows Defender
Post by: jamespetts on December 24, 2017, 01:00:06 AM
Quote from: DrSuperGood on December 24, 2017, 12:54:00 AM
Likely Windows Defender uses a heuristic algorithm to detect malicious-like code. It is possible that a small part of the binary triggers the detection for a piece of malicious software that was freshly added to its database. Solving it could be as simple as making enough changes so the detection no longer triggers.

If it is a warning, one can tell it to ignore it from a user perspective. Depending on the program features of the antivirus, one can even add that sort of file to exclusions.

Another, more permanent, way to solve this is to sign the executable with an asymmetric cryptographic key authorised by some cryptographic provider. Instead of Windows 10 saying the executables may be unsafe and requiring one to press "more" to run them, they would come up with a proof of authenticity prompt before continuing. Such prompts are seen when installing all reputable software such as products from Microsoft, Adobe, NVIDIA, AMD, Intel, Google, Oracle, etc.


May I ask how one might go about setting that up for a nightly build system?
Title: Re: Makeobj-Extended and Windows Defender
Post by: DrSuperGood on December 24, 2017, 02:31:28 AM
Sorry, I only know about signing executables, not actually how to do it. Seeing how common it is in this day and age, the process should not be that hard to set up, I would imagine. The hardest part is getting the authenticated keys, as unfortunately that is not usually free.
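As an added example (not from this thread and not part of the Simutrans-Extended build scripts), the following PowerShell shows the three things discussed above in concrete form: the user-side Defender exclusion, a check of whether a binary is Authenticode-signed at all, and the signtool step a nightly build would run. It assumes a Windows host with the Windows SDK's signtool.exe on PATH, a file named makeobj-extended.exe in the current directory, and a code-signing certificate already in the user's certificate store; the thumbprint and timestamp URL below are placeholders, not values from the project. One caveat worth knowing: a signature addresses the "unknown publisher" SmartScreen/UAC prompt and reputation, it does not by itself stop a heuristic Defender detection on the file's contents.

```powershell
# Added example, not part of the forum thread or of the Simutrans-Extended build system.
# Assumes: .\makeobj-extended.exe exists, signtool.exe (Windows SDK) is on PATH, and a
# code-signing certificate is installed in the current user's store. Thumbprint is a placeholder.
$Binary = ".\makeobj-extended.exe"

# 1. User-side workaround: exclude the file from Defender scanning (needs an elevated prompt).
#    This only suppresses the detection; it does not make the binary any more trustworthy,
#    so it is acceptable for a file you built yourself and not much else.
Add-MpPreference -ExclusionPath (Resolve-Path $Binary).Path

# 2. Check whether the binary carries an Authenticode signature and whether it chains to a
#    trusted root. Status is NotSigned for an unsigned nightly, Valid for a good signature,
#    HashMismatch if the file was modified after signing.
$sig = Get-AuthenticodeSignature -FilePath $Binary
"{0}: {1}" -f $Binary, $sig.Status
if ($sig.SignerCertificate) { "Signer: " + $sig.SignerCertificate.Subject }

# 3. Signing step for a nightly build. The certificate is selected by SHA-1 thumbprint (/sha1),
#    so no .pfx file or password has to sit in the build script; on a build host the private
#    key should live in an HSM or hardware token rather than on disk. /tr and /td add an
#    RFC 3161 timestamp so the signature stays valid after the certificate expires, which
#    matters for old nightlies that people keep using.
$Thumbprint   = "0123456789ABCDEF0123456789ABCDEF01234567"   # placeholder, not a real certificate
$TimestampUrl = "http://timestamp.digicert.com"               # any RFC 3161 timestamp authority works
& signtool.exe sign /fd SHA256 /sha1 $Thumbprint /tr $TimestampUrl /td SHA256 /d "Makeobj-Extended" $Binary
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# 4. Verify the way Windows will: /pa applies the Authenticode policy, /v prints the chain
#    and the timestamp so a build log shows exactly which certificate was used.
& signtool.exe verify /pa /v $Binary
if ($LASTEXITCODE -ne 0) { throw "signature on $Binary does not verify" }
```

In a nightly pipeline only steps 3 and 4 belong in the build script; step 1 is what an end user does locally, and step 2 is the quick check a user can run on a downloaded binary before deciding whether to add that exclusion.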
Title: Re: Makeobj-Extended and Windows Defender
Post by: jamespetts on December 24, 2017, 11:15:51 AM
Quote from: DrSuperGood on December 24, 2017, 02:31:28 AM
Sorry, I only know about signing executables, not actually how to do it. Seeing how common it is in this day and age, the process should not be that hard to set up, I would imagine. The hardest part is getting the authenticated keys, as unfortunately that is not usually free.


That does not really seem to be an appropriate sort of process for free software.