MSFT Defender Win32/Varpes.L!plock in SABnzbd-1.0.0RC1-win32

Posted: February 15th, 2016, 10:22 pm
by ptr727
MSFT Defender on my Win10 system just tagged SABnzbd-1.0.0RC1-win32-setup.exe as infected with Win32/Varpes.L!plock.
This must be a new def for the detection, as the file has been on my disk for a while, and now is the first time Defender complained.

Anybody else experience anything like this?
I hope it is a FP?

P.

Re: MSFT Defender Win32/Varpes.L!plock in SABnzbd-1.0.0RC1-w

Posted: February 15th, 2016, 10:31 pm
by ALbino
I just ran it through VirusTotal and it comes back failing on 2 out of 54 AV scanners:
SHA256: 6f1375aa6872012e5090a3fd81a20498e2a66748b972ea57d18f749a5ca2ab80
File name: SABnzbd-1.0.0RC1-win32-setup-github.exe
Detection ratio: 2 / 54
Analysis date: 2016-02-16 03:28:00 UTC ( 2 minutes ago )

ClamAV: Win.Trojan.FakeAV-75137
Rising: PE:Malware.RDM.02!5.8 [F]
https://www.virustotal.com/en/file/6f13 ... 455593280/

Re: MSFT Defender Win32/Varpes.L!plock in SABnzbd-1.0.0RC1-w

Posted: February 16th, 2016, 6:38 am
by shypike
Very likely a false positive.
Two out of 54 and both reporting different viruses.
I'll check. In the past we've had an FP due to a compressed SQLite library.
Maybe we forgot to uncompress it on the latest VMware build image.