mIRC Home    About    Download    Register    News    Help

Print Thread
Win Defender PuP false positive for old installers #267302 13/05/20 07:49 AM
Joined: Jul 2006
Posts: 10
G
Gubment_Cheez Offline OP
Pikka bird
OP Offline
Pikka bird
G
Joined: Jul 2006
Posts: 10
Hello. Today Windows Defender flagged two old installers of mIRC, versions 7.15 and 7.17 as Program:Win32/Vigram.A. I've submitted both files to Microsoft for malware analysis with the belief they will come back clean. I doubt someone would even have these installers still on their computer, but wanted to post this in case someone else noticed and thought there was a problem.
I'm not sure if this is the right place to post this, but I felt it was important enough to say something

Last edited by Gubment_Cheez; 13/05/20 07:50 AM.
Re: Win Defender PuP false positive for old installers [Re: Gubment_Cheez] #267304 13/05/20 06:14 PM
Joined: Dec 2002
Posts: 4,829
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,829
You can check if an installer is authentic by right-clicking on the filename and checking if the digital signature is valid. If it is not, the file has been modified in some way. If it is valid, the above is likely due to a false-positive which usually happens when an anti-virus company updates their virus definition files without checking them properly. The result is that the anti-virus software starts incorrectly detecting some applications or files as trojans or viruses. Unfortunately this happens all the time. For example, some years ago Microsoft Security Essentials detected the Google Chrome web browser as a trojan and recommended that users delete it. You would need to contact your anti-virus software company to report the issue and to ask them for a solution. They should then correct the error in the next update of their virus definition files and should be able to tell you how to prevent their software from behaving this way in the meantime.

In addition, some anti-virus applications are more sensitive to IRC applications than others and will actively block/delete their files. You would need to add mIRC to their exclusion list to get around this. If that does not work, you would need to contact the anti-virus company for help.

You could also try uploading the installer to https://www.virustotal.com to check it.