Re: Windows defender marking NVDA a trojan

Rosemarie Chavarria
 

Why don't you trust security programs? They're there for your protection. I won't say anything more.

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of zahra
Sent: Sunday, February 9, 2020 12:29 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Windows defender marking NVDA a trojan

but i realy dont trust any security program and never use them.
i am waiting for your email, but did not recieve your reply.
did you recieve my email in the first days of new year?

On 2/9/20, Shaun Everiss <@smeveriss> wrote:
Hmmm I would really like some sort of antivirus/antimalware program
that you could add an exclude list to, and freely share it about.

In the list I would like:

1. the name of the file and where it came from, and also a reason why
I excluded it.

I would also like the program to scan all my excludes and then send
the files to various companies etc after testing them with say
virustotal and such and have them fixed in the rightt databases.

I'd actually like a virustotal protection and on demand scanner but
thats probably not possible.

There are various talking winpe disks about.

The easiest way to make the thing work for linux would to use
something ubuntu mate which is easy to use or something like grml/
debian in command mode.

I've not actually managed to get many distros work out of the box.



On 9/02/2020 1:13 am, coffeekingms@... wrote:

Hi

I want to weigh in hear, a bit. I’m no security expert, at all, but I
see a couple of possible options hear. Are there any compatible ISO
images that can be put on a USB flash drive, windows and Linux, that
can be used to scan a drive, backup drives, etc for malware and
remove any that is found? Since we’re talking about exclusions, a way
to exclude false positives, and remove the negatives? I know virus
detection is complicated, and I don’t presume to have a perfect
solution, but it’s an option. Have whatever security software you
like, whichever works, but have a backup, that is separate from your
computer, so if gets infected by something nasty, you can boot
something self contained to work with. The images would have to be
accessible out of the box, without any setup needed, and I’m not sure
anything exists. I know for Linux there’s kali, bt I believe that’s
for penetration testing and the like. If not, I’d be happy to try to
put something together, if anyone is interested. Again, I’m not an
expert, and I’m not even sure how to do this but I’d be willing to
try. I’m not sure about the windows licensing and such, so it might
not be possible to put a windows based one together, but Linux is
another story. I’m not advocating Linux, but … oh hell. I don’t want
to start a flame war. Another option is to have backup software on a
flash drive that can run from a flash drive, but you’d need a
functioning system to run it.

Thanks

Kendell Clark

Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for
Windows 10

*From: *Shaun Everiss <mailto:@smeveriss>
*Sent: *Saturday, February 8, 2020 3:59 AM
*To: *nvda@nvda.groups.io <mailto:nvda@nvda.groups.io>
*Subject: *Re: [nvda] Windows defender marking NVDA a trojan

Using no security at all is dumb and stupid.

You should always have some of it.

A false negative means you get a virus and loose stuff.

Thats happened to one of my cousins ironically because he forgot to
update his norton subscription and he lost a lot of stuff, he had to
reformat to make the problem go away.

He couldn't do that himself and had to take the pc to somewhere to
get it fixed, it cost him a lot of cash.

While I am not against using security software in general I am
dissapointed and disheartened at the reasonable amount of noise in
the scans.

I know what the false positives are and what they are but unless I
make exclude lists for my software things will just get destroyed by
the software, don't use it and its worse.

But it depends what you do.

If you just use windows store apps, email via google, etc, chances
are you will be probably fine especially if everything is done in the
cloud as there is some protection there but its not perfect.


I wouldn't go about bragging you do not use security software as it
is very dangerous.

At the same time, it does concern me that every update of the so
called databases there is a chance that something else will be added
to my noisy scan data.

This means I need to lower my security by excluding things.

I do not at any way shape or form feel good about this but what else
can I do.

And I far better be complaining about false alarms than getting a
virus, I just wish things would get easier.

Something changed in the year 2003 which started us down the road of
the security nightmare we are on now.

At first, a few programs, but by 2007 we were seeing noisier and
noisier data and by 2012 it was really bad.

Since 2015 its plattoed at a point not going up or down which I guess
is good, however I'd like it to go back to normal.

I shouldn't get any message from my security software unless I have a
virus and can decide on the action.

Instead I get told I have a virus which is either something new, old
or that has been working before.

Instead of running malwarebytes which I no longer have installed on
any of my systems and full scanns of windows security or others, I
don't scan at all bar a quick scan or so which is done automatically.

Back in the day I would regular do this.

But now my system is infested with a lot of viruses and I know that
all of them are false positives and they never change so I don't
upgrade or anything.

Well I don't use a thirdparty scanner, put it that way.

I started with sophos but it made sure to make all the viruses go
away screwing up my system.

It took me a great deal to reinstall windows from scratch and get
everything back.

The meaning of security software is to at least be a guide to security.

I am more insecure with security software so I have to force it to
behave.

At the same time I wouldn't go without it.

All those ransomware attacks, botnets and malwarebreaches are worse
than any false positive.

Yet I really wish they would stop.

I manage a blog and a server on wordpress and do use security software.

And I havn't lost anything that wasn't supposed to be a problem, all
my files are there, no problem.

Yet in user computers companies think they can just do what they want.






On 8/02/2020 10:05 pm, zahra wrote:
false positive and false negative, are two of the main factors that
i never trust and never use security programs, antivirus,
antimalware, etc.
not sure about firewalls, but i never used and i am not familiar
with there method and the level of there reliability.
in the previous weeks, maybe in the first days of new year, i sent
an ofline email for you, but unfortunately i did not recieve your
reply and i am waiting for
your answer!
God bless you and thanks so much for your helpful replies as always.

On 2/8/20, Shaun Everiss <@smeveriss> wrote:
Just about every antimalware program has this false positive.

Kaspersky and a few others are supposed to be better.

Anyway what I actually said was that these programs at least some
of them detect more false than well who knows.

I have never got a virus in the last 10 years but I have got a lot
of false alarms.

Not sure about win8 etc, but yes you can exclude stuff you know is
not a
problem.

It would be good actually if you excluded the file you could
report all your excluded files to the maker like microsoft and for
each you could state what it was, etc and maybe get support on it.

The issue I have and maybe others, is that while some of the stuff
we know about, I spend more time stopping false alarms than actual
viruses.

I am not sure if thats a good or bad thing but its certainly
stopped me from getting any serious security software.

If windows defender and malwarebytes cause this much trouble with
a false positive, then I really don't want to know what a really
good antivirus will say.

But basically everything on your system is a potential virus
depending on the detections and stuff used.

And with the cloud based ai, I doubt that at the automated level
there is much control.

If you tell them they will fix the issue but there is no reason to
think
it will stay fixed.

As a result all the false alarms make the display of the software
noisy.

As I said, right now I have so many security holes in my computer
caused
by so many folder excludes that if it wasn't for ransomware, I
have
half
a mind to exclude my entire hard drive or even disable the windows
security subsystem.

However there is always the if factor so I don't.

I havn't run any full system scans in the last 10 years, and I
havn't run any malware software in the last 5 years simply because
of this
issue.

With the so called inteligent stuff about bgt and maybe some older
software excluded, it seems that every software package needs a
security
certification id or something and while it would be nice to get
one, I do wander if I could get one myself for the purpose that
the software I have is not a problem or something.

I know some say I am just unlucky, but on all my other systems
with out blind games, blind software and blind accessible programs
there are no trogens at all and that in itself is a concern, no
excludes on any
of my
other systems yet.

Maybe I may exclude nvda just because I am concerned but still,
maybe I have over excluded because of all this going on.


On 8/02/2020 7:18 pm, zahra wrote:
Shaun,
did i understand it correctly?
i think that antivirus programs especially microsoft products,
scan the entire system and maybe remove our necessary and
important files even maybe nvda or even other files including
html, docx, audio and video files?
i remember that in one of the iranian websites, someone recorded
a tutorial which explained how to exclude our desired folders
from scanning by deffender.
his tutorial was for windows ten.
does windows deffender on windows 8 and 8.1 does the same things,
and it may removes our essential and important files without
worning or informing us about this matter?

On 2/8/20, Shaun Everiss <@smeveriss> wrote:
Yeah some of that software uses autoit and that is known to make
viruses.

At any rate its clunkey and slow as a language so I wouldn't
bother using programs written in it but you should be able to
exclude
things.

Yeah when microsoft security etc cleans things it turns user
account control on at 33% by default.



On 8/02/2020 3:41 am, Ron Canazzi wrote:
Hi Quenton,

In addition, I always have Defender set to update to the latest
version. I have had odd issues with it in the past. If you
are familiar with Steve's Clock, Defender flagged that consistently.
Even
after I allowed it under Defender settings, every time Windows
updates, it flags it again. I had to go into the settings and
manually exempt the Steve's clock folder from Defender scans.
Even then, it always brings up User Account Control when I run
it. It never comes up in start up--even though I have it set
to run at
start
up. I have reported this to both the program developer and
Microsoft
with no change. I am glad that this isn't happening with NVDA
on my
system.


On 2/7/2020 1:00 AM, Quentin Christensen wrote:
I believe this only affects Windows 10 at this stage? Perhaps
Rosemarie and Ron are using Windows 7? Or their Defender
hasn't updated to the latest definitions maybe?

On Fri, Feb 7, 2020 at 4:30 PM Ron Canazzi
<aa2vm@... <mailto:aa2vm@...>> wrote:

Hi Group,

I also do not have this issue with RC3.


On 2/7/2020 12:28 AM, Rosemarie Chavarria wrote:
Hi, Quentin,

I'm not having this problem on my system. I'm using
espeak but I
wonder if I should use something else just to be on the
safe side.

Rosemarie

*From:*nvda@nvda.groups.io <mailto:nvda@nvda.groups.io>
[mailto:nvda@nvda.groups.io] *On Behalf Of *Quentin
Christensen
*Sent:* Thursday, February 6, 2020 8:14 PM
*To:* nvda@nvda.groups.io <mailto:nvda@nvda.groups.io>
*Subject:* [nvda] Windows defender marking NVDA a
trojan

Hi folks,

It was NVDARemote the other week, now it seems it's our
turn for
Microsoft's random unfounded accusations. If you try
to
install
the release candidate of NVDA 2019.3, Windows Defender will
alert you it has found a trojan in eSpeak NG and
blocked it.
The install of NVDA will fail.

As a workaround for now, you can create a portable copy
of the
RC and that should run fine. You won't be able to use
eSpeak
NG.

NVDA 2019.2.1 installs and runs fine, even using eSpeak
NG (it
uses a different build of eSpeak NG).

I am not sure whether this affects Windows 7 users as
well. I
have reported it to Microsoft but I would encourage
everyone
else to as well. To be honest, even aside from it
being our
program affected, this really annoys me. Defender has
NOT found
a trojan in eSpeak, its heuristic (machine learning)
has
guessed
that it looks a bit suspicious and flagged it - Ok that
happens,
but say that, don't say absolutely that a known malicious
software has been found.

It took a day or so to fix Defender's virus list and have
NVDARemote cleared, so I expect it will probably be
within about
the same timeline this time around. Apologies for the
inconvenience.

--

Quentin Christensen
Training and Support Manager

NVDA 2019.3 rc2 now available for testing:

https://www.nvaccess.org/post/nvda-2019-3rc2-now-available-for-testin
g/

Web: www.nvaccess.org <http://www.nvaccess.org>
<http://www.nvaccess.org/>

Training: https://www.nvaccess.org/shop/

Certification: https://certification.nvaccess.org/

User group: https://nvda.groups.io/g/nvda

Facebook: http://www.facebook.com/NVAccess
Twitter: @NVAccess <https://twitter.com/NVAccess>
--
They Ask Me If I'm Happy; I say Yes.
They ask: "How Happy are You?"
I Say: "I'm as happy as a stow away chimpanzee on a
banana boat!"



--
Quentin Christensen
Training and Support Manager

NVDA 2019.3 rc2 now available for testing:
https://www.nvaccess.org/post/nvda-2019-3rc2-now-available-for-testin
g/

Web: www.nvaccess.org <http://www.nvaccess.org>
<http://www.nvaccess.org/>
Training: https://www.nvaccess.org/shop/
Certification: https://certification.nvaccess.org/
User group: https://nvda.groups.io/g/nvda
Facebook: http://www.facebook.com/NVAccess
Twitter: @NVAccess <https://twitter.com/NVAccess>
--
They Ask Me If I'm Happy; I say Yes.
They ask: "How Happy are You?"
I Say: "I'm as happy as a stow away chimpanzee on a banana boat!"




--
By God,
were I given all the seven heavens
with all they contain
in order that
I may disobey God
by depriving an ant
from the husk of a grain of barley,
I would not do it.
imam ali

Join nvda@nvda.groups.io to automatically receive all group messages.