ZDaemon's new update has a virus?

[gijoe559]

As I use norton antivirus, I came across this warning as my Zdaemon stopped working because I cancelled the update (due to the updater freezing).

 

Im assuming Norton deleted Zdaemon due to the fact that it was changing something in registry

If anybody has any answers to this please come up as this is very odd for Zdaemon, as this never happened for the last updates

[DoomSpud]

Norton is straight fucking garbage (like most antivirus software).
It used to quarantine Builder.exe after unpacking the zip file claiming it was a virus.
Do yourself a favour and stop using it.

[gijoe559]

46 minutes ago, DoomSpud said:

Norton is straight fucking garbage (like most antivirus software).
It used to quarantine Builder.exe after unpacking the zip file claiming it was a virus.
Do yourself a favour and stop using it.

Well noted

[DoomSpud]

2 hours ago, gijoe559 said:

Well noted

I haven't used an antivirus for years. All they do is slow your CPU and chew up your RAM in the background which hampers the performance of everything else. They aren't really essential unless you deliberately lurk areas of the internet where you really shouldn't. The built-in windows firewall/defender is all 99% of computer users will ever need for defence. Some people even pay monthly or yearly fees for "antivirus protection"... it's unbelievable what sort of useless crap people will throw their money at...

[AF-Domains.net]

It is related to the following change that was introduced relatively recently:
 

22. ZLauncher can now become the system-wide handler of the zds://
    protocol.

Either way, it is completely harmless.

[DoomGater]

And I guess this belongs not here. Didn't you know there's a forum for questions concerning source ports?

https://www.doomworld.com/forum/6-source-ports/

[Cruduxy Pegg]

I think the virus you have is Norton.

[hella knight]

Look up 'false positive' in terms of antivirus :) something everyone who uses torrents has probably encountered

[DoomSpud]

23 minutes ago, hella knight said:

Look up 'false positive' in terms of antivirus :) something everyone who uses torrents has probably encountered

Ahhhhh, that's what they call it?

[Graf Zahl]

I think Norton is smart for revealing ZDaemon's true identity... :P

 

For the record: Having to trust some closed source third party software for handling an internet protocol is a big no-go for me and this may be enough for antivirus software to show a red flag. There's nothing wrong here with showing a message, it properly warns that the program is trying to act as a global responder to some data.

 

What can be criticized is the action. Blanketly assuming that it needs to be blocked will render any legitimate action of this type impossible, it should at least *ASK* if what's being attempted is ok, unless the action is an unambiguous attack on the system, which this is clearly not.

 

Of course it's neither acceptable that ZDaemon is apparenly trying to muck around with the system in such a manner without proper feedback to the user. One more reason not to use it.

 

7 minutes ago, DoomSpud said:

Ahhhhh, that's what they call it?

 

No, this isn't a false positive. A false positive would mean that an executable is falsely identified by some malware signature.

What happened here is that a suspicious action (i.e. something the program actively did!) by ZDaemon was intercepted.

 

[DoomSpud]

8 minutes ago, Graf Zahl said:

What can be criticized is the action. Blanketly assuming that it needs to be blocked will render any legitimate action of this type impossible, it should at least *ASK* if what's being attempted is ok, unless the action is an unambiguous attack on the system, which this is clearly not.

 

A false positive would mean that an executable is falsely identified by some malware signature.

Yeah, as I mentioned above Norton, AVG and Avast have all in the past flagged 'Builder.exe' when I've downloaded a new version and unpacked the zip... they'd throw up a message saying "yada yada yada this file is dangerous blah blah blah file has been quarantined..." and it would remove it from the Builder folder so I couldn't click it or run it from my desktop shortcut. TOTAL FUCKING PAIN IN THE ARSE!!! I'd have to remember to switch my anti-V's off before unpacking zip files and then turn them back on (which strangely never "retro-flagged" anything... it would only do it during the unzipping process, never after... oddly...).

After a while I just fucked all my antivirus software off. Got sick of having to babysit it and reassure it "no, that's file is ok... so is that one... AAAAND that one... and that one too you muthafucker!! STOP IT!!!".

[Graf Zahl]

I, too got fed up by the AV software, I had been using Avast for a long time until it started removing stuff I needed and broke legitimate installations.

Then I tried BitDefender and eventually the same happened.

 

I ultimately switched to Microsoft's built-in solution. It only flagged one false positive so far but at least it ASKED me what to do about it when it happened so I could add it to the whitelist.

 

 

[gijoe559]

It was definitely a false positive, more or less Norton's "SONAR" protection detects anything as a virus. The main reason that i made this post although is to see exactly what triggered Norton to add 7 condoms on my computer just because of the new update. I have now learned that you should actually switch the option to automatically remove threats off. Antiviruses are acceptable sometimes, but the fact that Norton FUCKING WATCHES EVERY FUCKING APP for something slightly odd to happen, it goes apeshit

[Barry Burton]

On 7/22/2019 at 5:14 PM, gijoe559 said:

It was definitely a false positive, more or less Norton's "SONAR" protection detects anything as a virus. The main reason that i made this post although is to see exactly what triggered Norton to add 7 condoms on my computer just because of the new update. I have now learned that you should actually switch the option to automatically remove threats off. Antiviruses are acceptable sometimes, but the fact that Norton FUCKING WATCHES EVERY FUCKING APP for something slightly odd to happen, it goes apeshit

 

This isn't just Norton. I mean, what else do you expect an A/V suite to do?

 

Remember, nothing is the same as it used to be. A/Vs can't rely just on signature based detection anymore. They have to analyze patterns and trends now. It's much more complex now than it has ever been.

[DoomSpud]

13 hours ago, R4L said:

It's much more complex now than it has ever been.

People are also now more paranoid then ever before...

[Cackledemon]

It bewilders me that signature-based detection was ever a solution.

[Reisal]

Now if ZDaemon didn't lock themselves out, unlike every other source port out there..

[Flambeau]

On 7/30/2019 at 6:20 PM, Armaetus said:

Now if ZDaemon didn't lock themselves out, unlike every other source port out there..

I dont get how this related to the handling of the ZDS:// protocol.

 

As stated by AF-Domains.net earlier, this is what caused it.

 

In my opinion this answers the question being asked, and lets not get that answer buried in non related talk for the sake of ppl searching the answer.