Messages

51

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 29, 2018, 06:36:35 am »

Looks like 1.263.1691.0 definitions there after have been corrected.

Everyone getting a clear now?

52

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 29, 2018, 06:33:14 am »

If you read the thread, it's the Admins who have been doing the work to get this fixed and the repair program has been proven to be safe.

Tell me - what has this got to do with what is has been reported from those who use the repair program -

Given this really weird time in cyberspace, I have gotten way more careful.  For example, the strong evidence now that the virus checker Kaspersky has been spying in our country's computers, got a 60 minutes sessions about the associated risks, and the US govt has banned it and required that every government agency that installed it must prove they removed it from their computers.   Or how about Facebook - not only is it clearly established that most of the communications on Facebook were fake bot software, but one of the board members at Facebook openly worked with Cambridge Analytica to find ways to help Trump get elected.

No one has mentioned the suspicion about Kaspersky and has no bearing on MS antivirus programs blocking the program - Facebook doesn't come into and neither does data collection or Trump getting elected.

Now do you see why I was questioning this ?

When Norton Security kicked out the .exe on mine, I knew it was a false positive and had no qualms about white listing the website to reinstall the program.

You are correct. the internet is not safe. Not at all. Nothing is sacred and your need to be aware of everything. You need to choose what you install very carefully.

You are also correct that this issue is not your problem and something we need to solve with Microsoft.

Our problem is that it is 100% a problem with Microsoft and we are trying to relay the information.

You can choose to whitelist it or not - but it should be cleared in all their definitions soon. I know they are working on it.

53

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 28, 2018, 05:15:12 pm »

Well, the problem is THEY are Microsoft and we are a couple of guys. So in you analogy - we are the poop.

The antivirus world is like this though. You guys are just seeing this one right now. But it is very common for all the smaller authors. Don;t get me started on the whole PUP bullsh*t going on out there now.

I did hear back from tech support who confirmed there is no detection.

They recommended this:

Please try the following steps to clear cached detections and obtain the latest malware definitions.

 
1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender 

2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”

can someone try it and let me kknow.

54

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 28, 2018, 12:37:53 pm »

Right.. Now you see the dilemma.

I suppose Guinness or a class a rant is in order. 


I filed a dispute with them just now. It felt funny filing a dispute on a clean file but... we live in funny times.

55

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 28, 2018, 08:38:40 am »

arrrrgh

This is becoming an issue for a number of people.
https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning-windows_10/false-positive-by-windows-defender-win32critetbs/13dc2ef4-2b24-40ca-87d4-74f35b0b79bf
https://github.com/processing/processing/issues/5442
https://www.reddit.com/r/KerbalSpaceProgram/comments/84mcqc/windows_defender_finding_trojan_in_ksp_files/
https://github.com/shadowsocks/shadowsocks-windows/issues/1746
https://github.com/fsprojects/Paket/issues/3121
https://www.onehouronelife.com/forums/viewtopic.php?pid=3521
There are a lot more.


All the authors are getting the same issue. The file comes up clean in the submission system, but is dectect on the home user. It effects both VB and Unity game programing languages.  It sems that it is a heuristic issue with defender but it looks like they are having an issue dealing with it.

Maybe if some of you all submitt the false postive as users?

https://www.microsoft.com/en-us/wdsi/filesubmission

56

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 27, 2018, 12:53:33 pm »

Yeah - I wrote them separately on essentials.  Seems that one takes longer

57

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 27, 2018, 09:17:50 am »

I JUST updated to the latest 1.263.1584.0 def from Microsoft  and it is showing as clean. Finally!

Our best guess -- and it is just a guess but a guess from experience - is that there was something wrong with the defs over the weekend and they fixed it. Then it looks like they rolled it back - then fixed it again. Probabaly having to fix the fix. But, now it looks fixed.

Problem is not everyone updates at the same time and it can take a few days to roll out.

58

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 26, 2018, 03:39:15 pm »

This is strange because the submission system says it is clean.... and it is.

Clearly they are having some sort of definition issue. I will try and get some clarity.

59

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 25, 2018, 04:03:54 pm »

I literally just got another notification from them saying it was cleared. I reported it on Essentials as well.  Maybe their essential definitions run behind or they missed it the first time. But it should clear up soon.

60

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 24, 2018, 04:50:18 pm »

Just wrote in to let them know that defender is OK but essentials is still a problem.  We will see if that helps. They tend to be pretty quick/

61

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 24, 2018, 04:45:30 pm »

Dang. It is indeed cleared by MS but via virus total and their own site ( see attached)
https://www.virustotal.com/#/file/55d0bd20f9f8b28e6385bc530c25fdd25f094dc32b4834ef3f33d348a6cb8bfc/detection

Defender and essential use the same definitions.  I'll write and see what they think. Could be your didn't update?

62

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 24, 2018, 10:34:18 am »

Yeah - we contacted them about 3 seconds after we found out. I believe it took them 6 hours to responded that it was fixed. There was never anything to do with anything on a user end. It was their mistake on matching.

No they never told us why, but it wasn't just our program it was a number of them around the web.

I would love it if they told us why - but it was most likely a coding error on their end and if they admitted it they would open up to legal issues.  Especially since what I have been able to divine is the programs that were flagged all used api calls to VB -- which is Microsoft's programming language. So essentially Defender flagged VB.  So whoever or however they made the error - it will never come out of Redmond.

Each time we release the exe is recompiled. So the 4.0.14 would have a completely different hash and "look" than 4.0.15.  When we release 4.0.16 odds are something will flag it as a false positive after release. It may not be defender, but it will be something. This shit happens all the time with every one of the antivirus apps - it is the bain of the software authors existence. It's annoying but part of how the security industry works.

63

Tweaking.com Support & Help / Re: [2018-03-23] Winrep18 (4.0.15+) {Rant and Rave}

« on: March 23, 2018, 08:52:21 am »

I believe if you run the .exe  with  /silent  it will do what you want.
The sinlge click idea we started introducing in 4.0 but would love input on that. In fact. if you would write me are support @ tweaking . com I;d love to pick your brain and hear some of your suggestion as we are working on the UI as we speak.

64

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 23, 2018, 08:19:41 am »

OK all you tweaking virus experts, I think I'm back in the right place now. I hit the wrong button last time and double posted. Sorry !

We can all carry on about all the virus protection programs giving out false positives, but I'd like Shane or jpm to ponder this :

Why does v4.0.15 get flagged for the Critet virus but v4.0.14 DOES NOT  ??  Something ain't right

And to Boggin, Major Geeks should have v4.0.14. It works just fine.

fab

We do not know exactly why. It could be something as simple as pattern matching. I remember a friend had his credit card number detected as a virus because part of the numbers matched the hash on a known virus - true story. Heck Malwarebytes detected my personal photography as a virus a couple months back. Explain that one.

In this case a LOT of files were detected from a LOT of companies. All we know is that they all use VB -- so it had something to do with that.  But exactly what, no idea.  Our product is 100% clean. They were wrong and they aren;t about to tell us why they were wrong for all the reasons you would suspect. It certianly isn't something we can prepare for either. Someone at MS made a mistake. They fixed it. But that is exactly how the antivirus world works.  Happens ALL the time.

It is better to have an AV than nothing - but really it is a lot of security theater.

65

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 19, 2018, 08:22:27 am »

People have - because of good marketing - the belief that antivirus companies keep them safe and are perfect.  I have 20 years in the software business that says that they are mainly full of crap.

Antivirus apps are more and more becoming modern day scareware and less and less a protection software.

But to restate what I said, false postives with ALL antivirus apps are commonplace.  When it happens, it is incumbant on the author of the software to notify the AV company detecting them to fix it.

In this case, from reading about other software the was hit with the "Critet.BS " designation (Seems BS stands for BullShit) - it looks like Windows Defender was tagging  that used certian funtions in VB.net programing language.  For those who don;t know, VB.net is a micorosft programming language.

How do you hold Tweaking.com responsible for that?

66

Tweaking.com Support & Help / Re: Trojan:Win32/Critet.BS - False positive from Defender?

« on: March 18, 2018, 11:29:19 am »

I think you misunderstand how the entire antivirus thing works. Microsoft, Malwarebytes, Avira - all of them have false positive. Hell. Malwarebytes detected some of my photos the other day as virus (which BTW isn't even possible). They do it as a matter of course.

The dirty secret is some company's - the big ones  - are white listed. They can do whatever they like and release whatever they like. That is dangerous. Small companies are not - we use something called code signing which validates our product - but sometimes that is plain ignored, missed and we get  "false positive" detections

The antivirus companies further more depend on from known lists - most of which are t the same. Meaning they all the detect the same known thing. Hence., they realty detect something that isn't known -- until someone discovers it and it comes on the list.

To try and get around this they use heuristics  that try and uses that something may be in the realm of a viral infection -- that leads to more false positives.  Don't believe me, read it from one of the best utility programmers ever. https://www.nirsoft.net/false_positive_report.html  This is why you see "generic" or "Trojan.gen" a lot. meaning they have no idea what this is and it could be something generic -- or nothing.

There is no way for us to know when and if someone will detect our software as a false positive -- and it happens a lot. We have to wait for them to make a mistake and report it to them. Then wait for them to fix it. Which sucks for us.

Hell I wrote a company called cylance like 3 months ago and they still haven't fixed it. I suppose that is why no one uses cylance. Clearly, they don't keep pace.
 
In this case Microsoft plain screwed up something and detect a crapload of software with the same thing.
https://forum.kerbalspaceprogram.com/index.php?/topic/172357-trojanwin32critetbs/

We reported it, they fixed it - I don't expect and apology from them. But that is how the system unfortunately works. It sucks, but that is what it is.

We do our job correctly and produce quality clean software. If you don't want to white list it, that's your call. Just wait for the next update and we will be cleared.   But you, as consumers have to take a stand to help fight the false positive problem.  Authors have been fighting it to no avail.

I would have thought that that shouldn't be our job, we just purchased the license.  I had the impression that the program is supposed was developed with Microsoft's blessing.  It's not right for every user to have to struggle with Microsoft to make sense of it.  I thought the idea was you do the work and we pay for the license.  So now we're supposed to multiply efforts between us all when we have no idea what is going on.

I don't want to whitelist it because maybe how do I know the program doesn't actually have a Trojan in it?  As it is I'm getting paranoid with all this cyber hacking.  E.g., from what I read I'm pretty sure Kaspersky virus checker seems to have been hacking user's computers on behalf of Putin (the US govt is barring its use)

I just got the trojan message from Microsoft Defender today, I bet there will be lots more than already reported it.  Isn't it Tweaking.com's job to make sure that we are safe?

Rani

67

General Computer Support / Re: Images not loading in Outlook 365 and Data not loading in App

« on: March 14, 2018, 04:14:01 pm »

Just a guess -- But I'll wager there is an error in the audacity manifest.

68

Tweaking.com Support & Help / Re: Help wirh Envelope Printer v2.0.1

« on: March 12, 2018, 12:50:39 pm »

Scroll about 3/4th down. The US Commercial 6 3/4 is there.

69

Tweaking.com Support & Help / Re: Ran REPAIR and monitor is not recognized/VGA seems broken

« on: March 12, 2018, 10:03:36 am »

Ok - 1st. If you can restore the registry than the repairs will be put back.  That said, yes, hard without a monitor.

2nd - If you are not seeing any monitor prior to booting - than it is not  a windows driver issue and hence not a repair issue. So if you have no monitor to see the biosd or posts screens - it is either the monitor or vid card.

I am assuming that is no the case else you would not see that message. So you should be able to get to the bios.

If it is driver related, you can boot into safe mode and relaod the driver from there.
YOu can get the driver here: https://www.asus.com/us/Motherboards/PRIME-X299-DELUXE/HelpDesk_Download/

70

Tweaking.com Support & Help / Re: Cannot authenticate registration key on LAN

« on: March 12, 2018, 08:02:30 am »

99% certain you need to speak to whoever is in charge of your firewall at work and have then allow Tweaking.com as a site.

71

Tweaking.com Support & Help / Re: Envelope Printer 2.0.1 not printing properly

« on: March 10, 2018, 04:04:09 pm »

I have a center feed HP that works fine.  I haven't used a brother before. Which model?

1) Are you selecting the right printer from the program? It may still be selected to the old dead printer.
2) If you click the print preview window in the program, does it look correct?

72

Tweaking.com Support & Help / Re: Help wirh Envelope Printer v2.0.1

« on: March 10, 2018, 11:34:20 am »

I think if you do have a post script enabled printer than the custom settings show up. If now. they don't.

You probably do not have a post script printer as that is sort of old.

The way I handle it is to pick an envelope size that is close - then use the offset functions to dial in exactly what I want.

73

Tweaking.com Support & Help / Re: Windows Repair (All in One) Keeps Deleting Quick Launch

« on: March 07, 2018, 02:17:15 pm »

I haven't heard of this before - but I suspect it may be a permission problem due to you running an old version.  I suspect the issue would not happen if you were current.

However, if somethign does happen, just right click on your taskback in a blank space and select "new task bar"

for the folder paste in this

%APPDATA%\Microsoft\Internet Explorer\Quick Launch

click enter and it should be back.

74

Tweaking.com Support & Help / Re: Whats up.... :(

« on: January 25, 2018, 01:46:57 pm »

profix - can you email me directly at support @ tweaking . com

I want to get some logs and some data about your machine
\
Thanks!

75

Tweaking.com Support & Help / Re: Whats up.... :(

« on: January 09, 2018, 05:56:30 pm »

The repairs form 3.0 to 4.0 are essentially the same. The difference is in the pro features.  Did you run any of those? Or any of the tweaks after the fact?