Recent

Author Topic: FPC 3.2.2 fpc.exe antivirus false positive?  (Read 5538 times)

dd88

  • Newbie
  • Posts: 2
FPC 3.2.2 fpc.exe antivirus false positive?
« on: July 06, 2021, 12:39:17 pm »
Hello everyone,

I'm a new user who has been trying to install free pascal, but I have run into issues with my antivirus when installing. Just wondering if anyone can confirm or has seen these issues before.

I have tried the fpc-3.2.2.i386-win32.exe installer from both the Canadian ftp link and from sourceforge. Both installers are identical. After download, I verified both the sha1 and md5 sums as reported on the sourceforge site. A virus scan says the installer is fine.

However, it's during/after installation that the issues start. It appears that fpc.exe gets flagged as a virus and automatically quarantined. I suspect it is a false positive, but this appears to happen with more than one anti-virus vendor; I have attached a screen capture from the virustotal.com to show what is captured.

The name "Gen:Trojan.Heur.TP.gyW@bCMC!Ik" makes me suspect it is being flagged heuristically. An internet search provides no information; I suspect the last part of the name is generated to be unique if the heuristic scan finds something suspicious it hasn't seen before.

Thanks.
« Last Edit: July 06, 2021, 12:43:36 pm by dd88 »

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11383
  • FPC developer.
Re: FPC 3.2.2 fpc.exe antivirus false positive?
« Reply #1 on: July 06, 2021, 01:19:58 pm »
Your analysis is correct, and only thing you can do is complain to the antivirus maker(s).

As a workaround, disable the antivirus during install, and then exclude all related directories after. (you really don't want a signature update to start quarantining for some bogus reason in say half an year). If you still can, disable heuristics.

The antivirus philosophy is simply flawed. Crude heuristic checks with some popular software on the whitelist so that users don't notice too quickly. 

We try to minimize the problems by stripping debuginfo and using a wellknown installer product, but that is about the only thing we can do.

af0815

  • Hero Member
  • *****
  • Posts: 1289
Re: FPC 3.2.2 fpc.exe antivirus false positive?
« Reply #2 on: July 06, 2021, 01:27:10 pm »
Your analysis is correct, and only thing you can do is complain to the antivirus maker(s).
+1 for the complain

i did it in the past often to report the positive false and after 1 or 2 days the AV accept the compilated software and fpc itself. (i have a bougth AV version)
regards
Andreas

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 9792
  • Debugger - SynEdit - and more
    • wiki
Re: FPC 3.2.2 fpc.exe antivirus false positive?
« Reply #3 on: July 06, 2021, 01:32:30 pm »
Looks like the 32bit fpc.exe?
The 64 bit gets better results (comparing my self build 32 vs 64 bit exes)

So maybe AV start to be suspicious of 32bit software....

You can also try at https://metadefender.opswat.com/

dd88

  • Newbie
  • Posts: 2
Re: FPC 3.2.2 fpc.exe antivirus false positive?
« Reply #4 on: July 06, 2021, 01:49:19 pm »
Thankyou all for your replies. I was pretty sure there was nothing wrong - but having additional confirmation is appreciated.


af0815

  • Hero Member
  • *****
  • Posts: 1289
Re: FPC 3.2.2 fpc.exe antivirus false positive?
« Reply #5 on: July 06, 2021, 06:07:31 pm »
sometimes i think, AV scanners are 'snake oil'. If you keep your system up tp date, you are on the safe side.
regards
Andreas

winni

  • Hero Member
  • *****
  • Posts: 3197
Re: FPC 3.2.2 fpc.exe antivirus false positive?
« Reply #6 on: July 06, 2021, 06:33:46 pm »
Hi!

AV Scanners are Snake Oil.

To minimize virus and malware:

Use Linux on the desktop.
And use a good firewall.

Never had any trouble in the last 25 years with this combination.

Winni

lucamar

  • Hero Member
  • *****
  • Posts: 4219
Re: FPC 3.2.2 fpc.exe antivirus false positive?
« Reply #7 on: July 06, 2021, 07:09:13 pm »
[...] If you keep your system up tp date [...]

... and you're extremely careful with what you download and execute, and take the normal "profilactic" measures ... ;)
Turbo Pascal 3 CP/M - Amstrad PCW 8256 (512 KB !!!) :P
Lazarus/FPC 2.0.8/3.0.4 & 2.0.12/3.2.0 - 32/64 bits on:
(K|L|X)Ubuntu 12..18, Windows XP, 7, 10 and various DOSes.

af0815

  • Hero Member
  • *****
  • Posts: 1289
Re: FPC 3.2.2 fpc.exe antivirus false positive?
« Reply #8 on: July 06, 2021, 07:59:39 pm »
yes, i am carefull with downloads. If i want to test new software, i use a virtual machine using snapshots before download and install software.

Linzx is good, but a lot of software is 'windows only', for my job. But in private i use more 'free live' without the stress of the pc's  8) O:-) 8-)
regards
Andreas

 

TinyPortal © 2005-2018