I downloaded the installer from Lulzbot and Windows Defender is giving a Trojan warning.
What is going on here?
This is odd. I wasn’t able to duplicate this today with the latest definitions. We’d love more information:
- Operating system version:
- Defender definition update date
- Browser used to download installer
- Steps to reproduce:
** Are you downloading then immediately running?
** Are you scanning the file through defender prior to running the installer?
More than likely this is a false positive due to Defender and it’s heuristics. To confirm this yourself, you can check the installer file with other antivirus software or web-based services that allow for uploaded file scanning.
Additionally, you can verify the file hash to know that the file is unchanged from our original release using the windows checksum utility. Compare your result to our SHA512SUM file.
Edit: add more tips and links
I can confirm that windows Defender for Enterprise latest build, latest firmware downloaded from https://www.lulzbot.com/learn/tutorials/cura-lulzbot-edition-installation-windows gets flagged by the heuristics analasys engine, which is not a great engine for preventing false positives. it basically flags any new software that hasn’t been downloaded by thousands that has internet access capability of some sort as a virus until proven otherwise. There is a whitelist program at microsoft somewhere but I’ve never had to use it since we just use group policy for exceptions to anything we develop locally.
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Fuerboos.A!cl
\
- Operating system version: Windows 10 Enterprise 10.0.16299 Build 16299
- Defender definition update date 12/20/2017
- Browser used to download installer Any of them still flag, IE, edge, Cura
- Steps to reproduce: Download file. Windows defender flags it at 99% and scraps file.
** Are you downloading then immediately running? No, download onlly
** Are you scanning the file through defender prior to running the installer? It scans on download automatically in the corporate environment
Edit: ignore the filename in the screenshot, one of the download programs I use downloads things as multiple fileparts then reassembles for quicker download, if I download directly it still does the same thing.
I just tried downloading again and this time it downloaded fine. I right clicked and did “Scan with Windows Defender” but had no errors. I filled out the below for the first time when the error occured.
- Operating system version: Windows 10 Pro version 1709 Build 16299.15
- Defender definition update date: 12/26/2017
- Browser used to download installer: Chrome Version 63.0.3239.108 (Official Build) (64-bit)
- Steps to reproduce: Download from > https://www.lulzbot.com/learn/tutorials/cura-lulzbot-edition-installation-windows
** Are you downloading then immediately running? No
** Are you scanning the file through defender prior to running the installer? No, I did not for the error. I downloaded and then a few minutes later I got the error. I had not run the progrma yet.
I spoke too soon, I was able to replicate the error by running the program. I let Windows Defender delete it and now when I download it catches it every time at 99% and deletes the file.
I’m happy to help test.
We haven’t been able to reproduce this after the latest Windows 10 updates. If you run into that again, please let us know.
I just tested again and it is OK. I think windows defender sorted itself out. Thanks!
Appears to be fine now here. Windows defunder is just a piece of junk. I wouldn’t use it here except we have to.