ECWolf SVN Marked as Virus By Windows Defender

[GamingMarine]

I just recently got an SVN build of ECWolf (My PC was also updated as well), and... let's just say it's having problems.

 

Windows Defender marked ECWolf as having some trojan called Trojan:Win32/Azden.A!cl. It's "taking action" right now, and it's not really doing anything. Now, whenever I try to load up ECWolf, I get this error message:

 

"C:\Users\User\Desktop\Other Games\Wolfenstein 3D (ECWolf)\ecwolf.exe"

 

"Operation did not complete successfully because the file contains a virus or potentially unwanted software."

 

Can someone help me out on this?

[<inactive>Player Lin]

I tried the latest dev. build of ECWolf and throw them into VirusTotal and both are fine. Don't know if you're using the latest one or not.

 

ecwolf-171203-0531 x86:

https://www.virustotal.com/#/file/24b1c826a88a471247f3c329f953da1ce3234d8030f6bd362a033cdf6d630f0e/detection

ecwolf-171203-0531 x64:

https://www.virustotal.com/#/file/45748f923f4b0bdc9c1ab89c1e1584fd87804e859a3a1a817da58f17aa26d213/detection

 

You can got the latest SVN/dev. build of ECWolf here.

https://devbuilds.drdteam.org/ecwolf/

[GamingMarine]

The version that I had gotten was from the DRD Team Development page (Dec 03 2017), and the VirusTotal page told me that I need an account in order to download the file.

[GamingMarine]

Okay, so I found a solution. It's not a very good one, but it'll do.

 

It turns out that I need to use the build BEFORE the latest (Nov 13 2017), and NOW it works without the warning.

This is a really stupid solution, but it's the only solution I currently have.

[<inactive>Player Lin]

It's already stupid as doomed hell when false alert happens. /facepalm

 

You don't needed/cannot download the uploaded files in VirusTotal, and that's the same one from DRDTeam dev. build site, so you already have them.
 

Maybe the next Windows update may fix this silly problem I guess, if you still want to that M$ shit. The other way is just wait the new dev. build come out and see if that shit still complains... :p

[therektafire]

My suggestion would be to throw that shit into the recycle bin and get a better antivirus lol

[Blastfrog]

I wonder if the high levels of false positives is to discourage using 3rd party apps in the hopes that they'll use the Microsoft app store (or whatever it's called) instead.

[Edward850]

58 minutes ago, Blastfrog said:

I wonder if the high levels of false positives is to discourage using 3rd party apps in the hopes that they'll use the Microsoft app store (or whatever it's called) instead.

 

No. Your tinfoil hat is showing.

This would have the opposite effect, being that it would actually be a detriment to them. If Defender purposefully reported false positives, people wouldn't use Defender, seeing as it can be disabled quite easily by the end user. It's to their benefit to actually make it reliable.

 

"But Edward, why is it then reporting ECWolf as a virus when it's obviously not!?"

Because malware isn't deterministic code, and can only be detected either through commonality of the program or algorithmic determination of the byte code through static analysis and the programs environment. As ECWolf is particularly rare, it can only do the latter, which it has incorrectly determined some kind of malware to exist through comparatively similar analysis.

Alternatively, it could be that some kind of malware is actually already in his computer and is rewriting executables on the fly.

 

And if you are sure you trust a specific program, you can always add an exclusion.

Edited December 16, 2017 by Edward850

[GamingMarine]

19 hours ago, Edward850 said:

And if you are sure you trust a specific program, you can always add an exclusion.

 

Thank you so much. Windows Defender was actually starting to mark EVERY version of ECWolf as having the trojan, and your tip helped me out.