Anti-Virus, App, & Browser Control false alarms

Υποστήριξη και συζήτηση στα Ελληνικά.
csterg
Site Admin
Posts: 8627
Joined: Tue Aug 29, 2006 3:09 pm
Location: Corfu, Greece
Contact:

Anti-Virus, App, & Browser Control false alarms

Post by csterg »

Hi All,
it is no unusual for Anti-Virus programs to report false alarms on theWord Bible software or accompanying modules installers. Unfortunately there is no easy way to avoid such false alarms. It seems that the safest bet for those cases is to manually whitelist with the AV vendors the software itself.

If you are a regular user and you come up with a AV threat, please post here the details of the warning (AV vendor, product, version and info on false positive) so someone can go through the process of contacting the AV vendor and manually white-listing the software. This is a very sad situation, especially in light of the effort that has been made to make theWord available for free to everyone. I hope that the community can help eliminate such cases.

Here is a useful link to check any .exe file for possible virus with several different AV programs: https://www.virustotal.com/
Thank you
Costas

[Edit here is another helpful link for other software that can block the installation.]
mrbulow
Posts: 1
Joined: Thu Aug 27, 2015 10:27 pm

Re: Anti-Virus programs false alarms

Post by mrbulow »

I had problems downloading due to virus false-alarms. My workaround was to use a web service a called Save Web Files, and save theWord directly to Dropbox. That got it past the anti-virus and I was able to install.
Angela711
Posts: 1
Joined: Thu Oct 01, 2015 6:48 am

Re: Anti-Virus programs false alarms

Post by Angela711 »

I use Norton Security and this is what it says for me.

Filename: tw3main.exe
Threat name: SONAR.Heuristic.132Full Path: Not Available
SONAR Protection monitors for suspicious program activity on your computer.
tw3main.exe Threat name: SONAR.Heuristic.132
Locate

Unknown
It is unknown how many users in the Norton Community have used this file.

Unknown
This file release is currently not known.

High
This file risk is high

File: c:\users\angela\appdata\local\temp\se_289867361\ tw3main.exe No Action Required
File: c:\program files (x86)\The Word\ english.lng Threat Removed
Directory: c:\users\angela\appdata\local\temp\ nsi3b00.tmp Threat Removed
____________________________

System Settings Actions

Event: Process start (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
Event: PE file creation: c:\users\angela\appdata\local\temp\nsi3b00.tmp\ system.dll (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
Event: Process start: c:\users\angela\appdata\local\temp\se_289867361\ tw3main.exe, PID:5652 (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
____________________________


File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available

I am able to bypass security, but not sure if it is safe to.
Thank you.
Angela
csterg
Site Admin
Posts: 8627
Joined: Tue Aug 29, 2006 3:09 pm
Location: Corfu, Greece
Contact:

Re: Anti-Virus programs false alarms

Post by csterg »

Thanks Angela.
davidcoxmex
Posts: 184
Joined: Wed Aug 20, 2008 4:50 pm
Location: Mexico

Re: Anti-Virus programs false alarms

Post by davidcoxmex »

PARA HABLADORES DEL ESPAÑOL

Esta entrada es sobre alertas falsas cuando tratas de instalar theWord en tu computadora. A veces esto pasa. No hay forma fácil para resolver esto. Lo más "fácil" es que tu programa de antivirus poner el software theWord en una lista blanca de programas sin virus.

Si tienes un aviso, por favor pon los datos del asunto aquí y Costas y yo vamos a investigarlo para ver si podemos ponerlo en una lista blanca.

También se puede analizar cualquier archivo "exe" usando el sitio https://www.virustotal.com/.

Solución 1:

Usa un servicio web que se llama Save Web Files, y descargar directamente a Dropbox. Desde allí instala el programa.

Solución 2:

Se puede apagar tu antivirus y instalar el programa después, y luego rebootear. Este tiene el riesgo de que si el exe ha sido infectado, vas a infectar tu computador.

Anota que el procedimiento correcto será
1) Entra en el ordenador de tareas (Control-Alt-Del), y parar el programa de antivirus que tienes.
2) descargar theword desde el sitio oficial theword.net. Anota donde lo descargaste.
3) Antes de correr el programa que descargaste, rebootea el sistema para que el antivirus ya está trabajando.
4) Ahora abre el antivirus y analiza el archivo de descarga. Si no encuentra virus, bien. Si encuentra virus, o dice que es virus, de nuevo tienes que ver si quieres presumir que es un alerto falso negativo, o si está bien el archivo.
5) instala theWord.

Observación: Yo uso theWord en forma compacta, esto es, instalado en tal forma que el sistema operativo no sabe que existe. No hay entradas en el registro, no hay nada que Windows va a saber que aun existe. Este se llama instalación a USB, y se puede usar así. Entonces si vas a un cafe internet y descargas el programa a un USB, se puede usarlo así. Trae tal USB a tu computadora y escanea con el antivirus. Si pasa bien, copia la carpeta entera a tu disco duro y va desde allí. La desventaja es que como no está registrado con tu sistema operativa, el clic en un archivo de theWord no va a instalar el módulo a la carpeta correcta ni va a poder abrir theWord así.
In Christ,
Pastor David Cox
davidcox (at sign) davidcox.com.mx
LeeJames
Posts: 28
Joined: Wed Sep 26, 2012 10:30 pm
Location: England

Re: Anti-Virus programs false alarms

Post by LeeJames »

I really would like to upgrade to version 5 but I simply cannot do that when the software is reported as containing malware by several different scanners.

For now I'll have to stick with version 4, which comes up clean on all the virus scans (except one).

My suggestion to Costas would be to please revert the program back to however it used to work in version 4, before it started showing as containing malware.
User avatar
JG
Posts: 4659
Joined: Wed Jun 04, 2008 8:34 pm

Re: Anti-Virus programs false alarms

Post by JG »

I have alerted Costas to this potential issue.

You could always just update to the latest beta file if that shows clean.
Jon
the
Word 6 Bible Software
OS for testing; Windows 10
Beta Download ------Beta Setup Guide------On-line Manual------Tech doc's and Utilities------Copyright Factsheet
csterg
Site Admin
Posts: 8627
Joined: Tue Aug 29, 2006 3:09 pm
Location: Corfu, Greece
Contact:

Re: Anti-Virus programs false alarms

Post by csterg »

Lee wrote:I really would like to upgrade to version 5 but I simply cannot do that when the software is reported as containing malware by several different scanners.

For now I'll have to stick with version 4, which comes up clean on all the virus scans (except one).

My suggestion to Costas would be to please revert the program back to however it used to work in version 4, before it started showing as containing malware.
I will have to disagree: check it out here: https://www.virustotal.com
It comes clean from every AV
Costas
LeeJames
Posts: 28
Joined: Wed Sep 26, 2012 10:30 pm
Location: England

Re: Anti-Virus programs false alarms

Post by LeeJames »

csterg wrote:I will have to disagree: check it out here: https://www.virustotal.com
It comes clean from every AV
Costas
That's strange, when I scan it, it shows as malware with four different scanners, here's a screen grab:
https://imgsafe.org/image/a9f49734a1

I got the installer file from the main download page (http://www.theword.net/index.php?article.download), choosing the link under "Upgrade from a previous version" (I don't want to lose my settings.)

I'd also like to point out that the downloader page doesn't say anything about which version number it is that you're downloading. If anyone goes to that page to see if there's a new version, they won't know.
csterg
Site Admin
Posts: 8627
Joined: Tue Aug 29, 2006 3:09 pm
Location: Corfu, Greece
Contact:

Re: Anti-Virus programs false alarms

Post by csterg »

I re-checked, I get the same results.
I checked the binary files on the sites, they are correct, nothing has been tampered.

Here are your options:
1. Trust the file and run it
2. Get an archive from http://www.theword.net/files/beta and just overwrite your theword.exe (it works)
3. Don't upgrade

I have no idea whatsoever how to make every AV happy out there. Actually I can't, there is no way to do this. These AV have bugs and report false positives, so it's just a question of trust. This is the new era of the Internet, sorry

Costas
LeeJames
Posts: 28
Joined: Wed Sep 26, 2012 10:30 pm
Location: England

Re: Anti-Virus programs false alarms

Post by LeeJames »

csterg wrote: 2. Get an archive from http://www.theword.net/files/beta and just overwrite your theword.exe (it works)
Thank you Costas, that worked perfectly! :) It's not that I don't trust you personally, I just have to be really careful about malware, because I am doing important work for the Lord and would not want to risk losing what I'm working on because it's so important.

But I am sincerely very grateful to you. In fact I have just made a thread of gratitude here:
viewtopic.php?f=3&t=7432
csterg
Site Admin
Posts: 8627
Joined: Tue Aug 29, 2006 3:09 pm
Location: Corfu, Greece
Contact:

Re: Anti-Virus programs false alarms

Post by csterg »

Lee wrote:
csterg wrote: 2. Get an archive from http://www.theword.net/files/beta and just overwrite your theword.exe (it works)
Thank you Costas, that worked perfectly! :) It's not that I don't trust you personally, I just have to be really careful about malware, because I am doing important work for the Lord and would not want to risk losing what I'm working on because it's so important.

But I am sincerely very grateful to you. In fact I have just made a thread of gratitude here:
viewtopic.php?f=3&t=7432
Lee, i totally understand. Trust me, even if i trust me .exe files, I always have the fear that maybe the hostinsg provider gets hacked and someone injects a virus on the .exe files there...
User avatar
JG
Posts: 4659
Joined: Wed Jun 04, 2008 8:34 pm

Re: Anti-Virus programs false alarms

Post by JG »

Costas, would it help to put a MD5 hash so that ones would know the file is as you intended.
Jon
the
Word 6 Bible Software
OS for testing; Windows 10
Beta Download ------Beta Setup Guide------On-line Manual------Tech doc's and Utilities------Copyright Factsheet
csterg
Site Admin
Posts: 8627
Joined: Tue Aug 29, 2006 3:09 pm
Location: Corfu, Greece
Contact:

Re: Anti-Virus programs false alarms

Post by csterg »

JG wrote:Costas, would it help to put a MD5 hash so that ones would know the file is as you intended.
Yes and no.
First, I believe that 99% of the users that download theWord don't know what an hash is. I only see hashes in downloads of developer-specific resources.
Second, the main packages of theWord that you download are generated dynamically (the installers), so the hashes are not easy to display.
Costas
FollowsTheWay146
Posts: 4
Joined: Sat Jan 10, 2015 12:19 pm

Re: Anti-Virus programs false alarms

Post by FollowsTheWay146 »

At the time of this post, VirusTotal.com is showing "2 engines detected this file".

[File checked: theword-setup-en.exe (downloaded onto a Win 8.1 computer, filesize=50.2MB)].

1. Cybereason: Malicious.d98a9e

2. Zillya: Adware.Fiseria.Win32.4973

----------------
This came up because I had recommended theWord to a friend and she downloaded it to a Windows 10 computer and Microsoft told her that this install would "harm your device," so she stopped the installation and pinged me about it. I downloaded it myself and ran it through VirusTotal to check it, and thus the findings above. I thought I would post in case anyone else ran VirusTotal.

I am awaiting her response to, "what was the exact error message from Microsoft" before I asked for Forum help about her installation-on-Windows-10 issue, but if anyone reads this and knows the answer, please let me know. Thank you. Basically, is it safe to install on Windows 10 despite Microsoft's warning? It being just Microsoft being Microsoft? Perhaps they want to hinder the word of God?

EDIT: my friend ended up just installing theWord on the Win10 machine ignoring all the warnings. She said there were a LOT of warnings along way. Just an FYI.
Last edited by FollowsTheWay146 on Fri Jul 10, 2020 11:17 pm, edited 1 time in total.
Post Reply