Total Security Installer Flagged As Malware
As in the title - I have downloaded from my Central account the Windows installer for Total Security and this is being picked up as malware on VirusTotal and Hybrid Analysis.
Trojan.Generic.Win32.1697845 is noted by Zillya via VirusTotal and Trojan.Win32.Malicious.4!e by AegisLab via Hybrid Analysis where Filseclab also notes it as unsafe but with no reason given.
Is the installer safe to use?
EDIT: I have managed to post this twice in different categories so this may need merging
Comments
-
I just downloaded the installer and confirmed only 1 VirusTotal scanning engine flagged it. I consider it an FP on their (Zillya's) end, as I also scanned the installer from my flash drive. You should be safe to run the installer.
If you wanted further confirmation, @Alexandru_BD or @Flexx could also verify it on their end, too.
Kind regards,
Scott
P.S. I deleted your other thread.
All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/
2 -
The file detected by vendors on VirusTotal is indeed a false positive. Additionally, the file has been shared with Zillya! antivirus to get the detection removed from their database.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
2 -
What about the flags from Hybrid Analysis? This appears via MetaDefender on AegisLab and Filseclab too as a potential threat when scanning the file.
0 -
Since you downloaded it from your Central account, and not from another download website, I would consider their findings to be FPs as well.
If you wanted to, send the file to the malware research experts who will confirm its validity to help give you peace of mind.
Kind regards,
Scott
0 -
Also to consider, Bitdefender is downloaded 1,000s? of times a day, especially by members using the Family Pack plan, and we have yet to hear of an issue regarding the installer being corrupt or causing issues.
0 -
I agree with the points made regarding source and number of downloads but it is still concerning when something such as the installer is flagged as potentially malicious.
0 -
That's fine. I figure you have two choices:
1) don't use the installer, and forgo installing Bitdefender.
2) wait for another week, redownload the installer, and try submitting it again to the other sites, and see if they still flag it, or it's cleared as a FP on their end.
Regards
0 -
Indeed I agree with the available options. I did however want to raise the matter and thankfully it has been raised with Zillya as an FP.
1 -
I put this in the "for what it's worth" category (it being newer), as you seem to keep up with PC, and file security protocols, thought you may be interested.
As of now, it only scans PDFs and Office files.
Kind regards,
Scott
0 -
As per the latest check on VirusTotal, Zillya! antivirus has removed the detection.
Regards
1 -
@Flexx thanks for confirming.
Is it worth flagging a false positive for the detections by MetaDefender via Hybrid-Analysis?
AegisLab - Trojan.Win32.Malicious.4!e
Filseclab - no detection type given just notes suspicious.
It is worth noting the data for those reports is from mid-February (can't post links yet though).
0 -
Kindly share the MetaDefender link.
Regards
0 -
Sorry for the late response - have just tried to post the link here and in a PM but it won't allow me to post the actual links.
Running the installer through Hybrid-Analysis using Windows 10 flags for under Metadefender and running the file directly through the Opswat Metadefender scanner yields the same results.
0 -
The forum will not allow me to post links yet here or in PMs - how can I share this detail please?
0 -
I have replied to your query via PM and promoted you to level 2, and you should now be able to post malware result links from MetaDefender or VirusTotal.
Regards
0 -
Still getting the message "You have to be around for a little while longer before you can post links." unfortunately.
0 -
I would request you to kindly wait for the admins @Alexandru_BD, @Mike_BD to have a look into this for you. Until then you can copy and share the hash of the file here.
Regards
0 -
The Bitdefender Total Security setup file has been shared with the vendors that are flagging it as malicious in order to get the detection removed from their databases. The detection is basically a false positive.
Regards
1 -
@Flexx thanks for confirming. I should now be able to post links but won't need to in this instance.
I did suspect it would be a false positive as with the other detections.
2 -
Interestingly Zillya were very quick to remove the false positive whereas the results on Metadefender still remain the same as of checking today.
I do however appreciate that in this scenario it is not of great concern given the installer is from my Central account and there would be many more reports if the installer were compromised.
0 -
AegisLab did not respond because their website now integrates with other 3rd-party websites, so there is no proper way to contact the support or the malware researchers, despite sharing the Bitdefender setup file through their website upload tool.
Nevertheless, there is no point in banging your head over antimalware vendors that have less than 1% reputation in the market and that hardly anyone knows about. It would have been a concern only if the well-known antimalware vendors had detected the Bitdefender setup file as malicious.
For the future, please always share the VirusTotal link instead of a link from any other 3rd-party multi-scanning engine, because there are a majority of samples which are detected as malicious by various antimalware vendors and also by their engines on VirusTotal, but their engines on MetaDefender show the files as non-malicious, which clearly states that MetaDefender uses outdated versions of various antimalware engines whereas VirusTotal is almost up to date. VirusTotal even uses aggressive heuristics of various antimalware vendors' engines, which even their own products may not detect.
Regards
2