System Informed flagged as a Potentially Unwanted Application #1668
For me Windows Defender is also flagging it as "Trojan:Win32/Wacatac.B!ml" and removing it (the installer and the installed app).
Any signatures ending with This issue is for specifically tracking the
Microsoft Defender is up and down in detection. One day it detects, the next day it doesn't, even after a fresh download from https://systeminformer.sourceforge.io/nightly.php and an immediate scan. Hours later or the next day, it decides again to detect something. It's either Trojan:Win32/Sabsik.TE.B!ml or Win32/Wacatac.B!ml or something else, but as @dmex said, it is always !ml. Microsoft Edge is also having a problem with "systeminformer-3.0.6433-setup.exe isn't commonly downloaded. Make sure you trust * before you open it." while giving you the following options:
You can report thousands of times, it won't change anything. You either keep getting annoyed by it or use "Add an exclusion" in Microsoft Defender. For the overly cautious: clone the project, review the code yourself, compile it and then drop it into the folder excluded from the Microsoft Defender scan, unless you like to be occasionally greeted by GPT siblings.
This is the expected behavior considering the nightly builds and binaries are generally updated every 24 hours and downloaded using the updater. Web browsers don't have telemetry for the downloads to consider the binary "common", and since they're updated again in 24 hours we're back at zero telemetry and they'll keep showing those prompts unless we disable nightly builds or disable the updater 🤷♂️
Ok. Interesting. I hadn't encountered any Defender problems with System Informer before and I've used it on the same system for a long time (about however long it's been since the name change) with constant Windows Insider Dev channel builds and 24/7/365 runtime. Process Hacker was detected at some point (a long time ago, like years ago). But anyway, I already added it to exclusions - just strange that it was suddenly now detected during an update which I've done dozens of times before without any problems.
VirusTotal is flagging this file with 17/68 detected, with the majority of them being detected as Application.SystemInformer.1; however, there are some outliers like Program:Win32/Wacapew.C!ml or Trojan:Win32/Wacatac.B!ml from Windows Defender. https://www.virustotal.com/gui/file/0c215350b905ab89fca925355c3964516ef790b4cb0b2c03e782928d0a239acf
We must start building our own AI models for almost anything. Third parties might always have a somehow misaligned narrative. 😉
Defender is reporting the binaries clean and I can't reproduce this PUA detection, and neither did Microsoft: We've been in fairly regular contact with Microsoft over the last few months about other issues and they haven't reported any issues, so your PUA was probably a glitch in the matrix which they resolved immediately 🤷♂️ I'll mark this convo as off-topic so it doesn't distract from actionable reports.
Could anyone check if System Informer compiled on their own machine shows as malware?
Avast Premium Antivirus is also flagging System Informer again. I had to exclude the entire Program Files install folder, and also now I have to disable the AV just to get an update or it blocks the bells out of anything in the temp folder, also claiming it is a virus (this also applies to several of the DLL files; I will write down what it is saying next time there is an update). I do so love this program and both my clients and I have grown to depend on it. Hopefully we can get this resolved once and for all. Thank you for all your hard work.
Windows 11 x64 22H2 build 22621.1413, ESET NOD32 Antivirus 16.1.14.0 detection engine ver. 27084 (2023-04-17) all of a sudden flagging plugins\ExtendedServices.dll as a suspicious object...😒
JTI/Suspect.196612!20b0a90f76a5 on Trellix Endpoint Security
Update: ESET NOD32 stopped complaining; neither the installer nor any of the program components are reported as suspicious. At least for now...
Why is your "SecOps team" using 4chan as an authoritative source?
They sent this image just to prove their point that System Informer is not only reported as malware in Trellix.
We have already applied to and engaged with SignPath. They were gracious enough to give us a free account. However, they were unwilling to provide a code signing certificate - we would have to bring our own.
What makes me mad about Defender's over-protection, and refusal to comply with the users' exclusion lists, is that it actually creates a much more dangerous situation on the Internet. Many, if not most, people, like me, will simply disable Defender permanently, by whatever means necessary. That puts not only me at risk, but also everyone I connect with over the Internet, i.e. EVERYONE. I, personally, have never had a real virus, so I consider myself savvy enough to make this risk acceptable. However, having most users disable anti-virus protection because it's just too much of a PITA, and refuses to be customized, is an exponential problem! I don't understand why Defender refuses to comply with users' exclusion lists! It puts everyone in more danger.
Because Defender is NOT about your security, it's about defending Windows's integrity and the software DRM that runs on Windows; how else would you explain it mislabeling almost every known clean patch or crack as malware? Respecting exclusion lists would allow the user to safely use software from non-MSFT-approved sources. Which they don't want; MSFT wants you to buy your software only in their safe and secure store and pay them 30% commission on everything. Microsoft Defender's behavior is carefully crafted to nudge people in the "right" direction: don't think for yourself, consume product and then get excited for new product. Freeware tools from the internet are in their eyes lost revenue.
This is a badly formed argument, but I'm bored so let's do this I guess. Defender labels cracks as malware because by definition and mode of function, they ARE malware. They are external programs or loadable code that alters the execution of another program without that program or its developer's consent. Defender isn't alone here; I'll wait for the inevitable claim that other AV suites are also in the pocket of Big DRM that I'm sure is coming. I use software all the time from sources that Microsoft would be actively against just fine. Are you ok? If they really cared that much about forcing you to use the Store, you wouldn't have a choice. They would have removed Win32 long ago and everything would be like the S builds, where that is intentionally the case. Oh yes, because trying to guide the PC market towards such a locked-down perspective has ever gone well before... My computer is quite literally over half open source software. Again, are you ok?
Well, as you mention it yourself, there are these S builds, and before that there was Windows 8 RT, and in Windows 11 there is this optional Smart App Control, so I think it's quite clear where MSFT wants to go; they are just failing at reaching their goals. So eternal vigilance is needed to ensure they will keep failing in perpetuity. About cracks being malware by definition, I beg to differ! By your definition, "They are external programs or loadable code that alters the execution of another program without that program or its developer's consent," any antivirus or anti-intrusion software which injects some DLLs to facilitate its operation would also be malware by that definition. And keep in mind there are more and more people out there who bought perpetual licenses to software which now gets its activation servers taken offline, in which case using alternative means of activation is fully within those people's rights under EU law. I would argue that malware is software which, at the highest level of abstraction, acts intentionally against the wishes of a user to that user's disadvantage. Also I would argue that vendors of security software should first and foremost defend the interests of their customers and not third parties.
Believe what you will; nothing I or anybody else says is going to change that. I'm not sure why you think that Microsoft needs a conspiracy-level plan to... whittle the thing they already control down with the other thing... they already control. Also, whatever you care to think, cracks are malware. Whether you or I agree with this or not, they use malware tactics and act like malware concerning the operation of the original program. I use cracks all the time; I didn't say they were bad. But trying to say that they should be specifically whitelisted is at best misunderstanding how a modern crack works and at worst deluding yourself and others.
Definition from Oxford Languages for malware: software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. A crack or patch does not seem to fall into this definition.
It's quite easy: they don't control the customer. If they released Windows 13 tomorrow with UWP only and boldly proclaimed this is the only future for Windows, Win32 is dead, most people wouldn't buy it and would start looking for alternatives (including the XP move, i.e. to stick forever to an unsupported old version of Windows when needed), as simple as that. In recent history MSFT's moves were IMHO the biggest driver of Linux adoption for desktop use; Linux's success on the desktop will be a product of MSFT's anti-consumer moves and not an achievement of the Linux developers.
This whole conversation is painful to read. There's so much anger, frustration, misunderstanding, false claims, etc.
I'm old enough to remember what it was like "back in the day", and with these sort of pain points aside, the overall security (virus/malware) on Windows is much better than it used to be. At the end of the day, Microsoft / Windows Defender is going to do what they want, and ultimately it will be what they determine is best to protect the OS and their customers (individual AND commercial). Blaming them for that is not fair. The folks here who "own" System Informer, or at least those who can take action on its behalf, are going to do what they want as well. Blaming them for that is also not fair. They don't owe any of us anything - this is free and open-source software. Frankly, it's awesome that they collectively share their knowledge and expertise in the form of this excellent application. I've said it before, and I'll say it again - I absolutely love System Informer (and Process Hacker before it). There are things about it that bother / annoy me, ranging from this AV issue to how it doesn't restore itself to the correct X,Y coordinate on Windows 11, but that's life - there's always going to be something that we find annoying. I hope that these folks will do whatever they can to resolve my annoyances, but they need to balance my annoyances against everyone else's issues. There are currently 122 open issues spread across a small group of contributors who likely have full-time jobs that are not this, and... they have their own personal lives as well. Any time they spend on this is a gift to all of us. We should be grateful and appreciative. This issue has been open for 4 months now. I suggest that we not hold our collective breath waiting for it to get resolved any time soon. It would serve all of us well to take off our tin foil hats and calm TF down. There is a lot more to life than this...
really just....decided to not read absolutely any of the issue before commenting those pics, huh |
I have been using System Informer since Process Hacker (since I discovered it a long time ago). I tried to update it to v3.0.7148, but McAfee blocked it. I downloaded it from the site and tried to install; McAfee and Defender blocked it, with McAfee deleting the installer and tagging it as malware while leaving the v3.0.6806 installer alone, and it doesn't have a panic attack over that one. If it was only Defender nagging I really wouldn't care, but with McAfee also I'm a bit uneasy. Any known reason why this would happen? Does this info help?
Malware databases are a thing, no company knows how to listen, and nobody knows how to make a heuristic engine that isn't basically just a random number generator attached to a digital handgun pointed at your files. It's a false positive. If it wasn't, this issue would be a lot shorter lol
@Masamune3210 I don't know if this will help, but I installed the latest version manually: downloaded the bin zip, unzipped, and overwrote the files. McAfee didn't even bother. Defender neither. So it seems to me that the installer is the problem, not System Informer. HTH.
It's hard to tell; one moment the engines will be fine with it, the next they will all treat it like the spawn of Beelzebub himself.
As of
I just removed my Defender exclusions, installed this version and ran it without issue. I scanned the directory, and the executable (for good measure), and it all came up clean! Thank you so much for doing that!!!
https://en.wikipedia.org/wiki/United_States_v._Microsoft_Corp.
https://www.virustotal.com/gui/file/96a37b18ede4b5bc616822c023b1b8cd85b3a76b205229701e21d75ea101b57c
Last reported issue was over 6 months ago - Closing as resolved 🥳
I don't get it dmex... Why are you quoting something I said months ago and linking to a Wikipedia page about Internet Explorer?
Brief description of your issue
The application was renamed to System Informer in order to avoid this drama permanently. And we're back to square one; Bitdefender is flagging the application again!!
Please check if the latest update wasn't signed. The download was flagged by Firefox as well.
Steps to reproduce (optional)
No response
Expected behavior (optional)
No response
Actual behavior (optional)
No response
Environment (optional)
No response