Anti-Virus, App, & Browser Control false alarms
Anti-Virus, App, & Browser Control false alarms
Hi All,
it is no unusual for Anti-Virus programs to report false alarms on theWord Bible software or accompanying modules installers. Unfortunately there is no easy way to avoid such false alarms. It seems that the safest bet for those cases is to manually whitelist with the AV vendors the software itself.
If you are a regular user and you come up with a AV threat, please post here the details of the warning (AV vendor, product, version and info on false positive) so someone can go through the process of contacting the AV vendor and manually white-listing the software. This is a very sad situation, especially in light of the effort that has been made to make theWord available for free to everyone. I hope that the community can help eliminate such cases.
Here is a useful link to check any .exe file for possible virus with several different AV programs: https://www.virustotal.com/
Thank you
Costas
[Edit here is another helpful link for other software that can block the installation.]
it is no unusual for Anti-Virus programs to report false alarms on theWord Bible software or accompanying modules installers. Unfortunately there is no easy way to avoid such false alarms. It seems that the safest bet for those cases is to manually whitelist with the AV vendors the software itself.
If you are a regular user and you come up with a AV threat, please post here the details of the warning (AV vendor, product, version and info on false positive) so someone can go through the process of contacting the AV vendor and manually white-listing the software. This is a very sad situation, especially in light of the effort that has been made to make theWord available for free to everyone. I hope that the community can help eliminate such cases.
Here is a useful link to check any .exe file for possible virus with several different AV programs: https://www.virustotal.com/
Thank you
Costas
[Edit here is another helpful link for other software that can block the installation.]
Re: Anti-Virus programs false alarms
I had problems downloading due to virus false-alarms. My workaround was to use a web service a called Save Web Files, and save theWord directly to Dropbox. That got it past the anti-virus and I was able to install.
Re: Anti-Virus programs false alarms
I use Norton Security and this is what it says for me.
Filename: tw3main.exe
Threat name: SONAR.Heuristic.132Full Path: Not Available
SONAR Protection monitors for suspicious program activity on your computer.
tw3main.exe Threat name: SONAR.Heuristic.132
Locate
Unknown
It is unknown how many users in the Norton Community have used this file.
Unknown
This file release is currently not known.
High
This file risk is high
File: c:\users\angela\appdata\local\temp\se_289867361\ tw3main.exe No Action Required
File: c:\program files (x86)\The Word\ english.lng Threat Removed
Directory: c:\users\angela\appdata\local\temp\ nsi3b00.tmp Threat Removed
____________________________
System Settings Actions
Event: Process start (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
Event: PE file creation: c:\users\angela\appdata\local\temp\nsi3b00.tmp\ system.dll (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
Event: Process start: c:\users\angela\appdata\local\temp\se_289867361\ tw3main.exe, PID:5652 (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
____________________________
File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available
I am able to bypass security, but not sure if it is safe to.
Thank you.
Angela
Filename: tw3main.exe
Threat name: SONAR.Heuristic.132Full Path: Not Available
SONAR Protection monitors for suspicious program activity on your computer.
tw3main.exe Threat name: SONAR.Heuristic.132
Locate
Unknown
It is unknown how many users in the Norton Community have used this file.
Unknown
This file release is currently not known.
High
This file risk is high
File: c:\users\angela\appdata\local\temp\se_289867361\ tw3main.exe No Action Required
File: c:\program files (x86)\The Word\ english.lng Threat Removed
Directory: c:\users\angela\appdata\local\temp\ nsi3b00.tmp Threat Removed
____________________________
System Settings Actions
Event: Process start (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
Event: PE file creation: c:\users\angela\appdata\local\temp\nsi3b00.tmp\ system.dll (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
Event: Process start: c:\users\angela\appdata\local\temp\se_289867361\ tw3main.exe, PID:5652 (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
____________________________
File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available
I am able to bypass security, but not sure if it is safe to.
Thank you.
Angela
Re: Anti-Virus programs false alarms
Thanks Angela.
-
- Posts: 184
- Joined: Wed Aug 20, 2008 4:50 pm
- Location: Mexico
Re: Anti-Virus programs false alarms
PARA HABLADORES DEL ESPAÑOL
Esta entrada es sobre alertas falsas cuando tratas de instalar theWord en tu computadora. A veces esto pasa. No hay forma fácil para resolver esto. Lo más "fácil" es que tu programa de antivirus poner el software theWord en una lista blanca de programas sin virus.
Si tienes un aviso, por favor pon los datos del asunto aquí y Costas y yo vamos a investigarlo para ver si podemos ponerlo en una lista blanca.
También se puede analizar cualquier archivo "exe" usando el sitio https://www.virustotal.com/.
Solución 1:
Usa un servicio web que se llama Save Web Files, y descargar directamente a Dropbox. Desde allí instala el programa.
Solución 2:
Se puede apagar tu antivirus y instalar el programa después, y luego rebootear. Este tiene el riesgo de que si el exe ha sido infectado, vas a infectar tu computador.
Anota que el procedimiento correcto será
1) Entra en el ordenador de tareas (Control-Alt-Del), y parar el programa de antivirus que tienes.
2) descargar theword desde el sitio oficial theword.net. Anota donde lo descargaste.
3) Antes de correr el programa que descargaste, rebootea el sistema para que el antivirus ya está trabajando.
4) Ahora abre el antivirus y analiza el archivo de descarga. Si no encuentra virus, bien. Si encuentra virus, o dice que es virus, de nuevo tienes que ver si quieres presumir que es un alerto falso negativo, o si está bien el archivo.
5) instala theWord.
Observación: Yo uso theWord en forma compacta, esto es, instalado en tal forma que el sistema operativo no sabe que existe. No hay entradas en el registro, no hay nada que Windows va a saber que aun existe. Este se llama instalación a USB, y se puede usar así. Entonces si vas a un cafe internet y descargas el programa a un USB, se puede usarlo así. Trae tal USB a tu computadora y escanea con el antivirus. Si pasa bien, copia la carpeta entera a tu disco duro y va desde allí. La desventaja es que como no está registrado con tu sistema operativa, el clic en un archivo de theWord no va a instalar el módulo a la carpeta correcta ni va a poder abrir theWord así.
Esta entrada es sobre alertas falsas cuando tratas de instalar theWord en tu computadora. A veces esto pasa. No hay forma fácil para resolver esto. Lo más "fácil" es que tu programa de antivirus poner el software theWord en una lista blanca de programas sin virus.
Si tienes un aviso, por favor pon los datos del asunto aquí y Costas y yo vamos a investigarlo para ver si podemos ponerlo en una lista blanca.
También se puede analizar cualquier archivo "exe" usando el sitio https://www.virustotal.com/.
Solución 1:
Usa un servicio web que se llama Save Web Files, y descargar directamente a Dropbox. Desde allí instala el programa.
Solución 2:
Se puede apagar tu antivirus y instalar el programa después, y luego rebootear. Este tiene el riesgo de que si el exe ha sido infectado, vas a infectar tu computador.
Anota que el procedimiento correcto será
1) Entra en el ordenador de tareas (Control-Alt-Del), y parar el programa de antivirus que tienes.
2) descargar theword desde el sitio oficial theword.net. Anota donde lo descargaste.
3) Antes de correr el programa que descargaste, rebootea el sistema para que el antivirus ya está trabajando.
4) Ahora abre el antivirus y analiza el archivo de descarga. Si no encuentra virus, bien. Si encuentra virus, o dice que es virus, de nuevo tienes que ver si quieres presumir que es un alerto falso negativo, o si está bien el archivo.
5) instala theWord.
Observación: Yo uso theWord en forma compacta, esto es, instalado en tal forma que el sistema operativo no sabe que existe. No hay entradas en el registro, no hay nada que Windows va a saber que aun existe. Este se llama instalación a USB, y se puede usar así. Entonces si vas a un cafe internet y descargas el programa a un USB, se puede usarlo así. Trae tal USB a tu computadora y escanea con el antivirus. Si pasa bien, copia la carpeta entera a tu disco duro y va desde allí. La desventaja es que como no está registrado con tu sistema operativa, el clic en un archivo de theWord no va a instalar el módulo a la carpeta correcta ni va a poder abrir theWord así.
In Christ,
Pastor David Cox
davidcox (at sign) davidcox.com.mx
Pastor David Cox
davidcox (at sign) davidcox.com.mx
Re: Anti-Virus programs false alarms
I really would like to upgrade to version 5 but I simply cannot do that when the software is reported as containing malware by several different scanners.
For now I'll have to stick with version 4, which comes up clean on all the virus scans (except one).
My suggestion to Costas would be to please revert the program back to however it used to work in version 4, before it started showing as containing malware.
For now I'll have to stick with version 4, which comes up clean on all the virus scans (except one).
My suggestion to Costas would be to please revert the program back to however it used to work in version 4, before it started showing as containing malware.
Re: Anti-Virus programs false alarms
I have alerted Costas to this potential issue.
You could always just update to the latest beta file if that shows clean.
You could always just update to the latest beta file if that shows clean.
Jon
theWord 6 Bible Software
OS for testing; Windows 10
Beta Download ------Beta Setup Guide------On-line Manual------Tech doc's and Utilities------Copyright Factsheet
theWord 6 Bible Software
OS for testing; Windows 10
Beta Download ------Beta Setup Guide------On-line Manual------Tech doc's and Utilities------Copyright Factsheet
Re: Anti-Virus programs false alarms
I will have to disagree: check it out here: https://www.virustotal.comLee wrote:I really would like to upgrade to version 5 but I simply cannot do that when the software is reported as containing malware by several different scanners.
For now I'll have to stick with version 4, which comes up clean on all the virus scans (except one).
My suggestion to Costas would be to please revert the program back to however it used to work in version 4, before it started showing as containing malware.
It comes clean from every AV
Costas
Re: Anti-Virus programs false alarms
That's strange, when I scan it, it shows as malware with four different scanners, here's a screen grab:csterg wrote:I will have to disagree: check it out here: https://www.virustotal.com
It comes clean from every AV
Costas
https://imgsafe.org/image/a9f49734a1
I got the installer file from the main download page (http://www.theword.net/index.php?article.download), choosing the link under "Upgrade from a previous version" (I don't want to lose my settings.)
I'd also like to point out that the downloader page doesn't say anything about which version number it is that you're downloading. If anyone goes to that page to see if there's a new version, they won't know.
Re: Anti-Virus programs false alarms
I re-checked, I get the same results.
I checked the binary files on the sites, they are correct, nothing has been tampered.
Here are your options:
1. Trust the file and run it
2. Get an archive from http://www.theword.net/files/beta and just overwrite your theword.exe (it works)
3. Don't upgrade
I have no idea whatsoever how to make every AV happy out there. Actually I can't, there is no way to do this. These AV have bugs and report false positives, so it's just a question of trust. This is the new era of the Internet, sorry
Costas
I checked the binary files on the sites, they are correct, nothing has been tampered.
Here are your options:
1. Trust the file and run it
2. Get an archive from http://www.theword.net/files/beta and just overwrite your theword.exe (it works)
3. Don't upgrade
I have no idea whatsoever how to make every AV happy out there. Actually I can't, there is no way to do this. These AV have bugs and report false positives, so it's just a question of trust. This is the new era of the Internet, sorry
Costas
Re: Anti-Virus programs false alarms
Thank you Costas, that worked perfectly! It's not that I don't trust you personally, I just have to be really careful about malware, because I am doing important work for the Lord and would not want to risk losing what I'm working on because it's so important.csterg wrote: 2. Get an archive from http://www.theword.net/files/beta and just overwrite your theword.exe (it works)
But I am sincerely very grateful to you. In fact I have just made a thread of gratitude here:
viewtopic.php?f=3&t=7432
Re: Anti-Virus programs false alarms
Lee, i totally understand. Trust me, even if i trust me .exe files, I always have the fear that maybe the hostinsg provider gets hacked and someone injects a virus on the .exe files there...Lee wrote:Thank you Costas, that worked perfectly! It's not that I don't trust you personally, I just have to be really careful about malware, because I am doing important work for the Lord and would not want to risk losing what I'm working on because it's so important.csterg wrote: 2. Get an archive from http://www.theword.net/files/beta and just overwrite your theword.exe (it works)
But I am sincerely very grateful to you. In fact I have just made a thread of gratitude here:
viewtopic.php?f=3&t=7432
Re: Anti-Virus programs false alarms
Costas, would it help to put a MD5 hash so that ones would know the file is as you intended.
Jon
theWord 6 Bible Software
OS for testing; Windows 10
Beta Download ------Beta Setup Guide------On-line Manual------Tech doc's and Utilities------Copyright Factsheet
theWord 6 Bible Software
OS for testing; Windows 10
Beta Download ------Beta Setup Guide------On-line Manual------Tech doc's and Utilities------Copyright Factsheet
Re: Anti-Virus programs false alarms
Yes and no.JG wrote:Costas, would it help to put a MD5 hash so that ones would know the file is as you intended.
First, I believe that 99% of the users that download theWord don't know what an hash is. I only see hashes in downloads of developer-specific resources.
Second, the main packages of theWord that you download are generated dynamically (the installers), so the hashes are not easy to display.
Costas
-
- Posts: 4
- Joined: Sat Jan 10, 2015 12:19 pm
Re: Anti-Virus programs false alarms
At the time of this post, VirusTotal.com is showing "2 engines detected this file".
[File checked: theword-setup-en.exe (downloaded onto a Win 8.1 computer, filesize=50.2MB)].
1. Cybereason: Malicious.d98a9e
2. Zillya: Adware.Fiseria.Win32.4973
----------------
This came up because I had recommended theWord to a friend and she downloaded it to a Windows 10 computer and Microsoft told her that this install would "harm your device," so she stopped the installation and pinged me about it. I downloaded it myself and ran it through VirusTotal to check it, and thus the findings above. I thought I would post in case anyone else ran VirusTotal.
I am awaiting her response to, "what was the exact error message from Microsoft" before I asked for Forum help about her installation-on-Windows-10 issue, but if anyone reads this and knows the answer, please let me know. Thank you. Basically, is it safe to install on Windows 10 despite Microsoft's warning? It being just Microsoft being Microsoft? Perhaps they want to hinder the word of God?
EDIT: my friend ended up just installing theWord on the Win10 machine ignoring all the warnings. She said there were a LOT of warnings along way. Just an FYI.
[File checked: theword-setup-en.exe (downloaded onto a Win 8.1 computer, filesize=50.2MB)].
1. Cybereason: Malicious.d98a9e
2. Zillya: Adware.Fiseria.Win32.4973
----------------
This came up because I had recommended theWord to a friend and she downloaded it to a Windows 10 computer and Microsoft told her that this install would "harm your device," so she stopped the installation and pinged me about it. I downloaded it myself and ran it through VirusTotal to check it, and thus the findings above. I thought I would post in case anyone else ran VirusTotal.
I am awaiting her response to, "what was the exact error message from Microsoft" before I asked for Forum help about her installation-on-Windows-10 issue, but if anyone reads this and knows the answer, please let me know. Thank you. Basically, is it safe to install on Windows 10 despite Microsoft's warning? It being just Microsoft being Microsoft? Perhaps they want to hinder the word of God?
EDIT: my friend ended up just installing theWord on the Win10 machine ignoring all the warnings. She said there were a LOT of warnings along way. Just an FYI.
Last edited by FollowsTheWay146 on Fri Jul 10, 2020 11:17 pm, edited 1 time in total.