Hello,
Regarding the GitHub-desktop package 3.5.1.0-1, we have a Trojan alert concerning the file "brotli.exe" (apparently a compression algorithm).
The antivirus is Trellix.
This file is located in the user's local AppData folder.
Have you received any reports about this?
For your information, I haven't noticed anything like this in previous versions.
[SOLVED] Github Desktop package: antivirus detection
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
dcardon
- WAPT Expert
- Messages: 1929
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Mikael,
I checked the wapt package itself, the installation MSI file, and the brotli.exe file (which itself comes from mingw64).
wapt package tis-github-desktop_3.5.1.0-1_x64_windows_PROD.wapt (result: "No security vendors flagged this file as malicious")
https://www.virustotal.com/gui/file/fcc ... dde1a30bd0
file GitHubDesktopSetup-x64.msi (result: "No security vendors flagged this file as malicious")
https://www.virustotal.com/gui/file/d89 ... a6d010c6e6
file C:\Users\Administrator\AppData\Local\GitHubDesktop\app-3.5.1\resources\app\git\mingw64\bin\brotli.exe (result: "No security vendors flagged this file as maliciousVendors flagged this file as malicious.
(https://www.virustotal.com/gui/file/224 ... 754d9cda13)
There's a version of Trellix on VirusTotal, and it's not reporting anything. Perhaps the status has been updated in the meantime. Could you please retest after updating the antivirus database?
Sincerely,
Denis
I checked the wapt package itself, the installation MSI file, and the brotli.exe file (which itself comes from mingw64).
wapt package tis-github-desktop_3.5.1.0-1_x64_windows_PROD.wapt (result: "No security vendors flagged this file as malicious")
https://www.virustotal.com/gui/file/fcc ... dde1a30bd0
file GitHubDesktopSetup-x64.msi (result: "No security vendors flagged this file as malicious")
https://www.virustotal.com/gui/file/d89 ... a6d010c6e6
file C:\Users\Administrator\AppData\Local\GitHubDesktop\app-3.5.1\resources\app\git\mingw64\bin\brotli.exe (result: "No security vendors flagged this file as maliciousVendors flagged this file as malicious.
(https://www.virustotal.com/gui/file/224 ... 754d9cda13)
There's a version of Trellix on VirusTotal, and it's not reporting anything. Perhaps the status has been updated in the meantime. Could you please retest after updating the antivirus database?
Sincerely,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Thanks for the feedback.
The database is updated daily, and I deployed it a week ago. No one seems to have run it since...
Indeed, VirusTotal found nothing...
I just saw a new release, 3.5.2, on their website; I'll test it.
Edit: In v3.5.2, the executable works for Trellix.
The database is updated daily, and I deployed it a week ago. No one seems to have run it since...
Indeed, VirusTotal found nothing...
I just saw a new release, 3.5.2, on their website; I'll test it.
Edit: In v3.5.2, the executable works for Trellix.
-
dcardon
- WAPT Expert
- Messages: 1929
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hi Mikaël,
thanks for the quick reply
. I'm marking the topic as resolved.
Denis
thanks for the quick reply
. I'm marking the topic as resolved.
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
