flat assembler
Message board for the users of flat assembler.

FAsmG triggering anti-virus
TheRaven



Joined: 22 Apr 2008
Posts: 89
Location: U.S.A.
TheRaven
Downloaded fasmg on two separate occasions where both events triggered an anti-virus software report and effective deletion of the downloaded file. The fasmg download is categorized as viral more specifically identified as malware. Am not certain if the file contents have been compromised on the server-side or the issue is simply client-side false positive.

Would prefer the issue resolved on my end, but for security reasons recommend the file's review addressing possible corruption. Consider providing check-sums/hashes for FAsm downloads expediting the differentiation between fasm and malicious code limiting impact from similar events in the future.

Thanks for your time and effort developing fasm and any consideration you offer this incident TG.

Currently, my device employs Windows 10 32-bit using Windows Defender for anti-virus services. Windows 10 is set to run in user mode contrast to developer mode; more than likely Win10 Defender definitions need updated to include FAsmG in the friendly list.

FAsm 1 download packages did not trigger antiviral response from Windows 10 Defender.

_________________
Nothing so sought and avoided more than the truth.
I'm not insane, I know the voices in my head aren't real!


Last edited by TheRaven on 27 May 2016, 20:29; edited 1 time in total
Post 26 May 2016, 20:34
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17474
Location: In your JS exploiting you and your system
revolution
Yet another AV failure. Why people trust them is beyond my ken. Time to delete your AV. More trouble than they are worth.
Post 27 May 2016, 01:53
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 7753
Location: Kraków, Poland
Tomasz Grysztar
virustotal.com shows a negligible detection ratio: https://www.virustotal.com/en/file/82aa266ae0a84d9b75ca8c07f1ac77e8e8841aa9e1deaf7677c2e598621bd84b/analysis/1464335475/
The false alarms on fasm 1 packages used to be much worse.
Post 27 May 2016, 07:54
shoorick



Joined: 25 Feb 2005
Posts: 1607
Location: Ukraine
shoorick
seems, baidu tries to protect us from wisdom 8)
Post 27 May 2016, 10:03
TheRaven



Joined: 22 Apr 2008
Posts: 89
Location: U.S.A.
TheRaven
Off topic thanks to Shoorick for his work on WaFAsm Studio.

Virus Total seems in need of update to its report that fasmg is passive regarding Microsoft antivirus identification and treatment. Apparent that assembler is still scoffed as black-hat special interest lowering allegation that HLL developers have evolved intellectually over the last two decades.

Thanks for the response Tomasz; FAsm being so available and very popular among assemblers assume it understood by O.S. and antivirus software developers and vendors --guess I'm the fool in this matter. Perfect example of the blind leading the blind...

In closure thought the matter should be discussed for general safety consideration and am very aware of legacy antivirus reports concerning FAsm 1. Just seems that antivirus and operating system devs/vendors should have caught up with 2016, but sadly is same old sh!t marketing laziness.
Post 27 May 2016, 18:38
TheRaven



Joined: 22 Apr 2008
Posts: 89
Location: U.S.A.
TheRaven
shoorick wrote:
seems, baidu tries to protect us from wisdom 8)


IKR - pathetic. :roll:

_________________
Nothing so sought and avoided more than the truth.
I'm not insane, I know the voices in my head aren't real!
Post 27 May 2016, 20:23
TheRaven



Joined: 22 Apr 2008
Posts: 89
Location: U.S.A.
TheRaven
Good news - I can now download FAsmG without triggering Windows Defender BS. You'd think that Microsoft would know about FAsm due to the fact that it's been around since Win2K Pro (for me anyway) and that was how long ago? Too d^mn long for this crap to occur.

Anyway, I'm happy now ...and back to business.
Post 10 Sep 2016, 18:36
donn



Joined: 05 Mar 2010
Posts: 184
donn
Getting this again with fasmg on Win10 with Windows Defender.

Trying to upgrade one of my four current projects to use CALM today.

If anyone else gets this, I assume you can turn Defender off, but alternatively you can:
1. Go to Windows Security -> Open Windows Security.
2. Virus & threat protection.
3. Protection history.
4. Find 'Threat blocked' Severe at the timestamp it occurred.
5. Allow via UAC.
6. Actions->Allow on the Affected item: file: C:\Users\User\Downloads\fasmg\fasmg.exe
Threat detected: Trojan:Win32/Wacatac.C!ml

I thought the Win exe was left out, buried in a separate folder, or we had to build from source now! After the steps above, .exe came back. Now on to upgrading this project so I don't have to keep fully qualifying local variables (will be a huge timesaver)..
Post 24 Mar 2020, 16:14
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 7753
Location: Kraków, Poland
Tomasz Grysztar
It seems like a recent surge of false detections: https://www.virustotal.com/gui/file/b377ed4a6dc1adf40718bc0a3485693656b84512f004f5782786ef1fe879e5e9/detection

I wanted to investigate what's triggering it, but for some reason Defender on my machine has stopped detecting it even after I removed it from Allowed list.

I can only ask everyone that if you have an opportunity to report such problems to AV providers, please do so.

Note that you can always assemble fasmg from scratch using fasm 1, or use a Linux version of fasmg to assemble the Windows version, etc. For extreme safety, you might even assemble with listing (through .fas when assembling with fasm 1, or with listing.inc in case of fasmg) and then review all the bytes. ;)
Post 24 Mar 2020, 16:22
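The checksum request in the first post and the two VirusTotal links in this thread allow one concrete check: a VirusTotal file URL contains the SHA-256 of the exact file that was scanned, so a local download can be compared against it. The following is an added example, not part of any post and not fasm project code; `find_match` and `constructed_sample` are hypothetical names, and the sample archive is constructed. Because the thread does not say whether a report covers the package or the executable inside it, the code hashes both.

```python
import hashlib
import io
import re
import zipfile

# VirusTotal file URLs carry the scanned file's SHA-256 as a path segment, in
# both forms posted in this thread (/en/file/<hash>/analysis/ and /gui/file/<hash>/).
_VT_SHA256 = re.compile(r"/file/([0-9a-fA-F]{64})(?:/|$)")

def sha256_from_vt_url(url):
    """Return the lowercase SHA-256 embedded in a VirusTotal file URL."""
    m = _VT_SHA256.search(url)
    if not m:
        raise ValueError("no SHA-256 found in URL")
    return m.group(1).lower()

def sha256_stream(fh, chunk=1 << 16):
    """Hash a binary file object in chunks."""
    h = hashlib.sha256()
    for block in iter(lambda: fh.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def find_match(fh, vt_url):
    """Return "<archive>", a zip member name, or None if nothing matches."""
    # The report may cover the package or one file inside it, so hash both.
    wanted = sha256_from_vt_url(vt_url)
    fh.seek(0)
    if sha256_stream(fh) == wanted:
        return "<archive>"
    if zipfile.is_zipfile(fh):
        with zipfile.ZipFile(fh) as z:
            for info in z.infolist():
                if not info.is_dir():
                    with z.open(info) as member:
                        if sha256_stream(member) == wanted:
                            return info.filename
    return None

def constructed_sample():
    """Constructed stand-in for a download: a zip holding fake 'fasmg.exe' bytes."""
    exe = b"MZ constructed sample bytes, not the real fasmg.exe"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("fasmg.exe", exe)
    digest = hashlib.sha256(exe).hexdigest()
    return buf, "https://www.virustotal.com/gui/file/%s/detection" % digest

if __name__ == "__main__":
    print(find_match(*constructed_sample()))
```

For a real download, pass `open(path, "rb")` together with the report URL; a result of `None` means the local file is not the one that report describes.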
donn



Joined: 05 Mar 2010
Posts: 184
donn
With Windows Defender, seems the options are not that great. I reached out to Msft support and they said the site would have to reach out to them unfortunately. I included the chat as an attachment.

And yes, thought the omission of the .exe was initially a new challenge, where we now had to assemble ourselves. Wouldn't mind that challenge and seems fitting as part of an assembler download.


Attachment: MsftChat.txt (2.4 KB)

Post 24 Mar 2020, 17:29
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 7753
Location: Kraków, Poland
Tomasz Grysztar
They have a publicly available form where anyone can report a false positive. However I'm not doing this now, because Defender no longer detects anything in fasmg.exe on my machine - maybe it's the updated definitions, I don't know.
Post 24 Mar 2020, 18:11
donn



Joined: 05 Mar 2010
Posts: 184
donn
OK submitted report!
Post 24 Mar 2020, 19:48
donn



Joined: 05 Mar 2010
Posts: 184
donn
That was fast! Looks like they resolved:
Submission details
fasmg.exe
Status: Completed
Submitted: Mar 24, 2020 3:46:32 PM
User Opinion: Incorrect detection
Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Thank you for contacting Microsoft.
Post 25 Mar 2020, 00:22
Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.