Loader v5.24 detected as Malware 01/01/2023 at 18:35 #149890
9pN1SEAp
1184 posts
Hi,

This affects almost no users but I thought it might be worth a report anyway. The SimSigLoader downloaded by the UpdaterTool is currently being blocked on laptops running Check Point Harmony Endpoint with the Threat Emulation (sandboxing) capability enabled. The initial version from the installer isn't affected, nor were any versions prior to v5.24. I've got round it with an exclusion based on its SHA-1 hash (!)

I've attached the report detailing why it thinks it's bad.

Thanks
Jamie

Jamie S (JAMS)
Last edited: 01/01/2023 at 18:38 by 9pN1SEAp Reason: HTML zipped to disable "Internet Zone" flagging
Loader v5.24 detected as Malware 01/01/2023 at 19:14 #149896
GeoffM
6377 posts
I had a quick look through that log and am somewhat surprised at what they call "threats". For example, reading the computer name? Or loading "http://www.bing.com/favicon.ico"? Or uses cryptography?

There are also some claims which, as far as the SimSig code itself is concerned, are flat out false, like setting files to hidden, and "tries to read supported languages", and "hides the extension of specific file types". I will concede that perhaps some of the DLLs or packages used may contain such calls, though that in itself doesn't mean they're actually called by anything.

I notice that in the Check Point forum the developers ask for false positives like this sort of thing, not to mention a large number of threads on other forums with reports of false positives.

SimSig Boss
Last edited: 01/01/2023 at 22:05 by GeoffM Reason: None given