Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential Trojan in electron builder uninstaller. #4878

Closed
shrinidhi111 opened this issue Apr 15, 2020 · 2 comments
Closed

Potential Trojan in electron builder uninstaller. #4878

shrinidhi111 opened this issue Apr 15, 2020 · 2 comments

Comments

@shrinidhi111
Copy link

  • Version:
    22.4.1
  • Electron Version: 8.2.0
  • Electron Type (current, beta, nightly): current
  • Target: NSIS

There seems to be a code signing issue in Windows while using pfx certificate as described in this issue #4383

Apparently it is only a problem when using electron-builder version 22.4.1.

What's more, only in this version do I get a Windows Security Notification whenever I try to build. It seems Windows is finding a Trojan and therefore interferes with the signing process. Not sure when is a false positive or not. Or only with my system or not.

But I do not get any such errors with the previous major build.

trojan
@shrinidhi111 shrinidhi111 mentioned this issue Apr 15, 2020
Closed
@b-zurg
Copy link
Contributor

b-zurg commented Apr 16, 2020

Could you run a scan on virustotal and post the results here? https://www.virustotal.com/gui/home

This would provide some pretty critical information about whether this is legit or a false positive.

@develar
Copy link
Member

develar commented Apr 16, 2020

False positive, until MS Defender is not fixed, NSIS version was reverted. Please try 22.5.1

@develar develar closed this as completed Apr 16, 2020
@tomlrd tomlrd mentioned this issue Apr 26, 2020
Closed
@anixon604 anixon604 mentioned this issue May 1, 2020
Closed
@ashishBharadwaj ashishBharadwaj mentioned this issue Jul 4, 2020
Closed
@andydotxyz andydotxyz mentioned this issue Oct 21, 2020
Closed
undergroundwires added a commit to undergroundwires/privacy.sexy that referenced this issue Feb 27, 2022
@undergroundwires
Fix Microsoft Defender alert for uninstaller #114
6643d95 
Microsoft Defender considers the uninstaller virus. It's a
false-psoitive caused by `electron-builder` used to build NSIS package.

This commit solves the issue by explicitly adding `electron-builder` as
dependency. This way, `vue-cli-plugin-electron-builder` always resolves
to the desired version. Now the version used for `electron-builder` is
more controlled. New uninstaller generated by latest specified patch
does not trigger an alert, which solves the false-positive issue.

See also :
  - electron-userland/electron-builder#4793,
  - electron-userland/electron-builder#4878.
undergroundwires added a commit to undergroundwires/privacy.sexy that referenced this issue Feb 27, 2022
@undergroundwires
Fix Microsoft Defender alert for uninstaller #114
112e79a 
Microsoft Defender considers the uninstaller virus. It's a
false-psoitive caused by `electron-builder` used to build NSIS package.

This commit solves the issue by explicitly adding `electron-builder` as
dependency. This way, `vue-cli-plugin-electron-builder` always resolves
to the desired version. Now the version used for `electron-builder` is
more controlled. New uninstaller generated by latest specified patch
does not trigger an alert, which solves the false-positive issue.

See also:
  - electron-userland/electron-builder#4793,
  - electron-userland/electron-builder#4878.
LarrMarburger pushed a commit to LarrMarburger/privacy.sexy that referenced this issue Nov 16, 2023
@undergroundwires
Fix Microsoft Defender alert for uninstaller #114
f847e96 
Microsoft Defender considers the uninstaller virus. It's a
false-psoitive caused by `electron-builder` used to build NSIS package.

This commit solves the issue by explicitly adding `electron-builder` as
dependency. This way, `vue-cli-plugin-electron-builder` always resolves
to the desired version. Now the version used for `electron-builder` is
more controlled. New uninstaller generated by latest specified patch
does not trigger an alert, which solves the false-positive issue.

See also:
  - electron-userland/electron-builder#4793,
  - electron-userland/electron-builder#4878.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@develar @shrinidhi111 @b-zurg