VirusTotal agrees!


Status
Not open for further replies.

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
Gang...

Release #64:

Release #60:

Something I've recently changed has really set off the major A/V scanners. I don't have the interim releases (61, 62, 63). But if anyone has been retaining others, I'd love to know what the A/V scanners at VirusTotal think about those.
 

PHolder

Well-known member
May 19, 2018
1,223
204
I would say your energies are better spent on making quality software. You know you're not making malware... let the crappy malware detectors waste their time and money figuring it out... you're never going to be able to build useful software that they won't initially complain about.

The only suggestion I would have would be to submit your next release to VirusTotal first before releasing it publicly... so you can at the same time post those results and give the detectors the best chance to get a clue as early as possible.
 

Steve

The only suggestion I would have would be to submit your next release to VirusTotal first before releasing it publicly... so you can at the same time post those results and give the detectors the best chance to get a clue as early as possible.
Yes! I had once told myself to always do that... but I had forgotten that. :)
 

Paul F

Well-known member
Apr 11, 2019
96
29
Toronto
Something I've recently changed has really set off the major A/V scanners. I don't have the interim releases (61, 62, 63). But if anyone has been retaining others, I'd love to know what the A/V scanners at VirusTotal think about those.
Rel 62: 0/63
Rel 63: 0/70
 

Steve

Ah... Paul... thanks! It occurs to me that I DID just get a reissued Authenticode Signing Cert from DigiCert! I'll bet that these A/V's are upset because this is the FIRST TIME that new certificate is being used!

I also just purchased and received a HARDWARE signing encryption dongle from DigiCert which will allow me to obtain EV signing of this code. I'm excited to see whether that makes Windows Defender and others happier.

Thanks!
 

Steve

Now VirusTotal detects the SAME Release #64 file as only 4/73, down from 6/73. Interesting. :)

I will be bringing the DigiCert hardware online and we'll see how it fares...


Steve

I have just re-signed Release 64 using the hardware token.
Now ONLY 1/69... "Cylance" has it marked "Unsafe" but without any followup rationale.
 

PHolder

I have just re-signed Release 64 using the hardware token.
Now ONLY 1/69... "Cylance" has it marked "Unsafe" but without any followup rationale.
This may just be a consequence of the passage of time... the numbers were already declining anyway. It will be interesting to see what happens with the next build/release (if/where the code itself changes again.)
 

Steve

Yes.

And something else, Paul...

VirusTotal "knew" that SQRL was issuing a DNS query to a bizarre-looking domain "sqrl.{nonce}.ver.grc" and that it was resolving to 239.0.0.64. This means that it or something is actually RUNNING the executable in some sort of sandbox to see what it will do.

At the moment I'm performing a PRE-installation version check to detect that the user has an older release than what COULD be freshly downloaded. THAT behavior appears to be factoring into the decision to be skeptical about an unknown program with zero reputation.

Since that preemptive check wasn't ever really necessary, I'm considering NOT checking in with GRC until after the app is initially installed. That ought to shut it up and not cause the A/V checkers to worry as much.
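
The pre-release check PHolder suggests earlier in the thread can be scripted. The following is an added example, not code from the thread or from GRC: it reduces a VirusTotal API v3 file report to the N/M ratio quoted in the posts and names the engines that flagged the build. The report is constructed sample data, the engine names other than Cylance are placeholders, `release_gate` and its `allowed` set are hypothetical, and counting only engines that returned a verdict is an assumption about how the ratio is derived.

```python
import hashlib
import json

VERDICT = {"malicious", "suspicious", "undetected", "harmless"}
FLAGGED = {"malicious", "suspicious"}

def sha256_of(path, chunk=1 << 20):
    """Hash a release binary; a v3 report is fetched by this value
    (GET /api/v3/files/{sha256} with an x-apikey header)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def summarize(report):
    """Return (flagged, total, {engine: label}) for a v3 file report."""
    results = report["data"]["attributes"]["last_analysis_results"]
    # Assumption: engines that timed out or do not support the file type
    # are left out of the total.
    scored = {e: r for e, r in results.items() if r.get("category") in VERDICT}
    hits = {e: r.get("result") or r["category"]
            for e, r in scored.items() if r["category"] in FLAGGED}
    return len(hits), len(scored), hits

def release_gate(report, allowed=frozenset()):
    """Hypothetical gate: True when no engine outside `allowed` flags the build."""
    _, _, hits = summarize(report)
    return not (set(hits) - set(allowed))

# Constructed sample report; only "Cylance"/"Unsafe" comes from the thread.
SAMPLE = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "Cylance":      {"category": "malicious",        "result": "Unsafe"},
  "PlaceholderA": {"category": "undetected",       "result": null},
  "PlaceholderB": {"category": "undetected",       "result": null},
  "PlaceholderC": {"category": "type-unsupported", "result": null},
  "PlaceholderD": {"category": "timeout",          "result": null}
}}}}
""")

if __name__ == "__main__":
    flagged, total, hits = summarize(SAMPLE)
    print(f"{flagged}/{total} engines flagged the build: {hits}")
    print("publish" if release_gate(SAMPLE) else "hold and report false positives")
```

Saving the summary for each build alongside its hash makes it possible to tell a change caused by new code or a new certificate from one caused only by the passage of time.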
 