digitalmars.D.ide - VisualD.dll flagged during VisualD 0.45.0 installation as Trojan by
- ShadoLight (18/18) Aug 03 2017 Hi,
- Rainer Schuetze (13/36) Aug 03 2017 It seems this is getting worse for dmd built executables.
- jj (3/18) Aug 03 2017 it still does not work with my VS 2017. after install it does not
- Rainer Schuetze (16/42) Aug 04 2017 Sorry to hear that but I didn't really expect any magic solution just
- Rainer Schuetze (3/26) Aug 06 2017 This seems to pass most anti-virus programs on virustotal:
- ShadoLight (2/6) Aug 07 2017 Thanks Rainer, very much appreciated!
- Ozan (O/N/S) (6/11) Aug 23 2017 Hi
- Jolly James (6/19) Aug 25 2017 This is a general problem and will possibly happen with all AV
Hi, For other users of McAfee AV software: Note that, during the installation of VisualD 0.45.0, the VisualD.dll is detected as GenericRXBS-NK!9A26B67896F trojan by my McAfee AV (Enterprise v8.8 in my case). Since I have been using VisualD (and D) for practically forever I am sure this is a false-positive, and caused by McAfee's new-fangled 'generically detected malware' algorithm! I tried using the Quarantine Manager to 'restore' VisualD.dll, but this does not work since McAfee does not 'remember' previously restored files, and quarantine it every time VS loads the DLL. Since this is a corporate PC I cannot disable McAfee, so this even stops me from ZIPping the damn DLL (to email to McAfee for analysis). I'll have to revert to VisualD 0.45.0-rc2 for now, but it would be useful if someone can report this according to [1). [1]: https://kc.mcafee.com/corporate/index?page=content&id=KB85567
Aug 03 2017
On 03.08.2017 14:00, ShadoLight wrote:Hi, For other users of McAfee AV software: Note that, during the installation of VisualD 0.45.0, the VisualD.dll is detected as GenericRXBS-NK!9A26B67896F trojan by my McAfee AV (Enterprise v8.8 in my case). Since I have been using VisualD (and D) for practically forever I am sure this is a false-positive, and caused by McAfee's new-fangled 'generically detected malware' algorithm! I tried using the Quarantine Manager to 'restore' VisualD.dll, but this does not work since McAfee does not 'remember' previously restored files, and quarantine it every time VS loads the DLL. Since this is a corporate PC I cannot disable McAfee, so this even stops me from ZIPping the damn DLL (to email to McAfee for analysis). I'll have to revert to VisualD 0.45.0-rc2 for now, but it would be useful if someone can report this according to [1). [1]: https://kc.mcafee.com/corporate/index?page=content&id=KB85567It seems this is getting worse for dmd built executables. VirusTotal also shows the McAfee failures, and 3 other engines complain, too. If I build Visual D against the MS-Runtime instead of the DigitalMars-Runtime, no virus is detected. Unfortunately the DLL grows from 3 MB to 9 MB, which seems to uncover a bug somewheree in the tool chain. That might not be a show stopper, though, and I wanted to switch to the COFF builds eventually anyway. The autotester has also created the same version, maybe it passes McAfee as is: https://ci.appveyor.com/project/rainers/visuald/build/job/2g40k1pgyxg58avv/artifacts It isn't built with the precise GC, though, so it might eat a bit more memory if you edit large files.
Aug 03 2017
On Thursday, 3 August 2017 at 16:58:33 UTC, Rainer Schuetze wrote:On 03.08.2017 14:00, ShadoLight wrote:it still does not work with my VS 2017. after install it does not show up in the menu, it does not know d. sorry for the bad news.[...]It seems this is getting worse for dmd built executables. VirusTotal also shows the McAfee failures, and 3 other engines complain, too. If I build Visual D against the MS-Runtime instead of the DigitalMars-Runtime, no virus is detected. Unfortunately the DLL grows from 3 MB to 9 MB, which seems to uncover a bug somewheree in the tool chain. That might not be a show stopper, though, and I wanted to switch to the COFF builds eventually anyway. The autotester has also created the same version, maybe it passes McAfee as is: https://ci.appveyor.com/project/rainers/visuald/build/job/2g40k1pgyxg58avv/artifacts It isn't built with the precise GC, though, so it might eat a bit more memory if you edit large files.
Aug 03 2017
On 03.08.2017 19:58, jj wrote:On Thursday, 3 August 2017 at 16:58:33 UTC, Rainer Schuetze wrote:Sorry to hear that but I didn't really expect any magic solution just from bumping the version number. From your last posted error message, I suspect that the 3 files written by the installer at "c:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\Extensions\Rainer Schuetze\VisualD\0.45" exist? Maybe there are older files in parallel folders? If yes, try deleting these. VS2017 transfers settings from these extension files into a "private registry" %AppData%\Local\Microsoft\VisualStudio\15.0_ade21380\privateregistry.bin, maybe you can make that file available for download somewhere so I can check whether entries in there look ok. Are you using the english version of VS or some other language? Maybe there is something wrong in how Visual D handles this, but I have seen it working with german versions (though not with VS2017 yet).On 03.08.2017 14:00, ShadoLight wrote:it still does not work with my VS 2017. after install it does not show up in the menu, it does not know d. sorry for the bad news.[...]It seems this is getting worse for dmd built executables. VirusTotal also shows the McAfee failures, and 3 other engines complain, too. If I build Visual D against the MS-Runtime instead of the DigitalMars-Runtime, no virus is detected. Unfortunately the DLL grows from 3 MB to 9 MB, which seems to uncover a bug somewheree in the tool chain. That might not be a show stopper, though, and I wanted to switch to the COFF builds eventually anyway. The autotester has also created the same version, maybe it passes McAfee as is: https://ci.appveyor.com/project/rainers/visuald/build/job/2g40k1 gyxg58avv/artifacts It isn't built with the precise GC, though, so it might eat a bit more memory if you edit large files.
Aug 04 2017
On 03.08.2017 14:00, ShadoLight wrote:Hi, For other users of McAfee AV software: Note that, during the installation of VisualD 0.45.0, the VisualD.dll is detected as GenericRXBS-NK!9A26B67896F trojan by my McAfee AV (Enterprise v8.8 in my case). Since I have been using VisualD (and D) for practically forever I am sure this is a false-positive, and caused by McAfee's new-fangled 'generically detected malware' algorithm! I tried using the Quarantine Manager to 'restore' VisualD.dll, but this does not work since McAfee does not 'remember' previously restored files, and quarantine it every time VS loads the DLL. Since this is a corporate PC I cannot disable McAfee, so this even stops me from ZIPping the damn DLL (to email to McAfee for analysis). I'll have to revert to VisualD 0.45.0-rc2 for now, but it would be useful if someone can report this according to [1). [1]: https://kc.mcafee.com/corporate/index?page=content&id=KB85567This seems to pass most anti-virus programs on virustotal: https://github.com/dlang/visuald/releases/tag/v0.45.1-rc1
Aug 06 2017
On Sunday, 6 August 2017 at 12:03:37 UTC, Rainer Schuetze wrote:On 03.08.2017 14:00, ShadoLight wrote:Thanks Rainer, very much appreciated![...]This seems to pass most anti-virus programs on virustotal: https://github.com/dlang/visuald/releases/tag/v0.45.1-rc1
Aug 07 2017
On Thursday, 3 August 2017 at 12:00:39 UTC, ShadoLight wrote:Hi, For other users of McAfee AV software: Note that, during the installation of VisualD 0.45.0, the VisualD.dll is detected as GenericRXBS-NK!9A26B67896F trojan by my McAfee AV (Enterprise v8.8 in my case).Hi Are you sure about, that it is a only VisualD problem? I got a similar message from McAfee using the current DMD with Dub. Regards Ozan
Aug 23 2017
On Wednesday, 23 August 2017 at 13:31:37 UTC, Ozan (O/N/S) wrote:On Thursday, 3 August 2017 at 12:00:39 UTC, ShadoLight wrote:This is a general problem and will possibly happen with all AV software. And many of them that use heuristics will flag any port-opening D program (e.g. DCD) as "Generic.XYZ". Please remember, "Generic" means, your AV tool has no idea what it actually is, but it looks very suspicious.Hi, For other users of McAfee AV software: Note that, during the installation of VisualD 0.45.0, the VisualD.dll is detected as GenericRXBS-NK!9A26B67896F trojan by my McAfee AV (Enterprise v8.8 in my case).Hi Are you sure about, that it is a only VisualD problem? I got a similar message from McAfee using the current DMD with Dub. Regards Ozan
Aug 25 2017