FPC 3.2.2 fpc.exe antivirus false positive?

dd88:
Hello everyone,

I'm a new user who has been trying to install Free Pascal, but I have run into issues with my antivirus when installing. Just wondering if anyone can confirm or has seen these issues before.

I have tried the fpc-3.2.2.i386-win32.exe installer from both the Canadian FTP link and from SourceForge. Both installers are identical. After download, I verified both the SHA-1 and MD5 sums as reported on the SourceForge site. A virus scan says the installer is fine.

However, it's during/after installation that the issues start. It appears that fpc.exe gets flagged as a virus and automatically quarantined. I suspect it is a false positive, but this appears to happen with more than one antivirus vendor; I have attached a screen capture from virustotal.com to show what is captured.

The name "Gen:Trojan.Heur.TP.gyW@bCMC!Ik" makes me suspect it is being flagged heuristically. An internet search provides no information; I suspect the last part of the name is generated to be unique if the heuristic scan finds something suspicious it hasn't seen before.

Thanks.

marcov:
Your analysis is correct, and the only thing you can do is complain to the antivirus maker(s).

As a workaround, disable the antivirus during install, and then exclude all related directories afterwards. (You really don't want a signature update to start quarantining for some bogus reason in, say, half a year.) If you still can, disable heuristics.

The antivirus philosophy is simply flawed. Crude heuristic checks with some popular software on the whitelist so that users don't notice too quickly. 

We try to minimize the problems by stripping debug info and using a well-known installer product, but that is about the only thing we can do.

af0815:

--- Quote from: marcov on July 06, 2021, 01:19:58 pm ---Your analysis is correct, and the only thing you can do is complain to the antivirus maker(s).
--- End quote ---
+1 for the complaint.

I often did this in the past to report the false positive, and after 1 or 2 days the AV accepted the compiled software and fpc itself. (I have a bought AV version.)

Martin_fr:
Looks like the 32-bit fpc.exe?
The 64-bit one gets better results (comparing my self-built 32-bit vs. 64-bit exes).

So maybe AVs are starting to be suspicious of 32-bit software....

You can also try at https://metadefender.opswat.com/

dd88:
Thank you all for your replies. I was pretty sure there was nothing wrong, but having additional confirmation is appreciated.
