Antivirus trigger

Antivirus trigger

Postby thecuz » 04.03.2019, 21:02

Hello,

When I try to download the latest version, wsusoffline116.zip, Immunet triggers an alert saying the file was detected with Win.Trojan.Generic::100.sbx.tg. Also, there is a trigger from my browser (Firefox) cache that had a W32.4448819D65-100.sbx.tg detection as well.

Looks like something in the zip file is setting off AV alerts.
thecuz
 
Posts: 2
Joined: 04.03.2019, 20:47

Re: Antivirus trigger

Postby aker » 04.03.2019, 22:30

Most likely a false positive.
The most AV scanners generally blacklist AutoIt3-Programs (used in wsusou for UpdateGenerator.exe/UpdateInstaller.exe).
I'd recommend you, to report the file as a false positive to your AV vendor.

A virus scan of a correctly downloaded and unmodified file can be found here:
:arrow: http://download.wsusoffline.net/wsusoffline116_virustotal.pdf

If you don't trust the binaries, you may compile them yourself (source code is in the archive UpdateGenerator.au3/UpdateInstaller.au3).
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker

WSUS Offline Update „Community Edition“
https://gitlab.com/wsusoffline/wsusoffline/-/releases
aker
 
Posts: 3999
Joined: 02.03.2011, 15:32

Re: Antivirus trigger

Postby thecuz » 05.03.2019, 15:09

It looks like wget.exe in the bin folder is the cause of the issue.

I was able to extract the zip file and individually scan the files and wget is the one that triggers the warning.

I submitted a false positive report to Immunet along with the wsusoffline116.zip file.
thecuz
 
Posts: 2
Joined: 04.03.2019, 20:47


Return to Download

Who is online

Users browsing this forum: No registered users and 43 guests