C
cody.nguyen
hi,
I've just downloaded an installer file from our website, the file is deleted immediately after downloaded by WindowsDefender because it is scanned and marked as Trojan:Win32/VBObfuse.ARE!MTB.
After investigation, we see that, If the download link contains additional information related to GroupID, the downloaded file will be considered as Trojan and if not it is NORMAL file.
We have 2 links that point to similar Installer file:
1. Download link contains groupID info --> Downloaded file is considered as Trojan:
Link: OpswatClient-WithGroupID
2. Download link does not contain group ID info: --> No trojan detected:
Link: OPSWATClient_NoGroupID
To make sure both links point to same file. We allowed the Trojan from Windows Security Settings and re-downloaded the file, then check md5sum, and get same md5 values.
Additional info: When I did custom scan with Windows Defender with option to point to folder contains my downloaded file, The result is NO THREAT FOUND! (note: I reverted the setting of allowing Trojan threat in WindowsSecuritySettings and rebooted my computer before doing this)
Could you explain me why I face that result and how to make OpswatClient-WithGroupID be downloaded successfully without being considerred as virus?
thanks,
Continue reading...
I've just downloaded an installer file from our website, the file is deleted immediately after downloaded by WindowsDefender because it is scanned and marked as Trojan:Win32/VBObfuse.ARE!MTB.
After investigation, we see that, If the download link contains additional information related to GroupID, the downloaded file will be considered as Trojan and if not it is NORMAL file.
We have 2 links that point to similar Installer file:
1. Download link contains groupID info --> Downloaded file is considered as Trojan:
Link: OpswatClient-WithGroupID
2. Download link does not contain group ID info: --> No trojan detected:
Link: OPSWATClient_NoGroupID
To make sure both links point to same file. We allowed the Trojan from Windows Security Settings and re-downloaded the file, then check md5sum, and get same md5 values.
Additional info: When I did custom scan with Windows Defender with option to point to folder contains my downloaded file, The result is NO THREAT FOUND! (note: I reverted the setting of allowing Trojan threat in WindowsSecuritySettings and rebooted my computer before doing this)
Could you explain me why I face that result and how to make OpswatClient-WithGroupID be downloaded successfully without being considerred as virus?
thanks,
Continue reading...