Re: Windows defender marking NVDA a trojan

Peter Chin

Could you please give us the link to Carlos’s Windows PE?

Sent: Monday, February 10, 2020 8:11 AM
Subject: Re: [nvda] Windows defender marking NVDA a trojan
 

Hi,

Look at Windows PE. This does work and I have one which is a portable version of Windows on a memory stick with various tools to repair computers, etc.

The late Carlos produced these.

Thanks.

From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of coffeekingms@...
Sent: 08 February 2020 02:13 PM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Windows defender marking NVDA a trojan

 

Hi

I want to weigh in here, a bit. I’m no security expert, at all, but I see a couple of possible options here. Are there any compatible ISO images that can be put on a USB flash drive, Windows and Linux, that can be used to scan a drive, backup drives, etc. for malware and remove any that is found? Since we’re talking about exclusions, a way to exclude false positives, and remove the negatives? I know virus detection is complicated, and I don’t presume to have a perfect solution, but it’s an option. Have whatever security software you like, whichever works, but have a backup, that is separate from your computer, so if it gets infected by something nasty, you can boot something self-contained to work with. The images would have to be accessible out of the box, without any setup needed, and I’m not sure anything exists. I know for Linux there’s Kali, but I believe that’s for penetration testing and the like. If not, I’d be happy to try to put something together, if anyone is interested. Again, I’m not an expert, and I’m not even sure how to do this but I’d be willing to try. I’m not sure about the Windows licensing and such, so it might not be possible to put a Windows-based one together, but Linux is another story. I’m not advocating Linux, but … oh hell. I don’t want to start a flame war. Another option is to have backup software on a flash drive that can run from a flash drive, but you’d need a functioning system to run it.

Thanks

Kendell Clark

From: Shaun Everiss
Sent: Saturday, February 8, 2020 3:59 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Windows defender marking NVDA a trojan

 

Using no security at all is dumb and stupid.

You should always have some of it.

A false negative means you get a virus and lose stuff.

That's happened to one of my cousins ironically because he forgot to
update his Norton subscription and he lost a lot of stuff, he had to
reformat to make the problem go away.

He couldn't do that himself and had to take the pc to somewhere to get
it fixed, it cost him a lot of cash.

While I am not against using security software in general I am
disappointed and disheartened at the reasonable amount of noise in the
scans.

I know what the false positives are and what they are but unless I make
exclude lists for my software things will just get destroyed by the
software, don't use it and it's worse.

But it depends what you do.

If you just use Windows Store apps, email via Google, etc., chances are
you will be probably fine especially if everything is done in the cloud
as there is some protection there but it's not perfect.


I wouldn't go about bragging you do not use security software as it is
very dangerous.

At the same time, it does concern me that every update of the so called
databases there is a chance that something else will be added to my
noisy scan data.

This means I need to lower my security by excluding things.

I do not at any way shape or form feel good about this but what else can
I do.

And I far better be complaining about false alarms than getting a virus,
I just wish things would get easier.

Something changed in the year 2003 which started us down the road of the
security nightmare we are on now.

At first, a few programs, but by 2007 we were seeing noisier and noisier
data and by 2012 it was really bad.

Since 2015 it's plateaued at a point not going up or down which I guess is
good, however I'd like it to go back to normal.

I shouldn't get any message from my security software unless I have a
virus and can decide on the action.

Instead I get told I have a virus which is either something new, old or
that has been working before.

Instead of running Malwarebytes which I no longer have installed on any
of my systems and full scans of Windows Security or others, I don't
scan at all bar a quick scan or so which is done automatically.

Back in the day I would regularly do this.

But now my system is infested with a lot of viruses and I know that all
of them are false positives and they never change so I don't upgrade or
anything.

Well I don't use a third-party scanner, put it that way.

I started with Sophos but it made sure to make all the viruses go away
screwing up my system.

It took me a great deal to reinstall windows from scratch and get
everything back.

The meaning of security software is to at least be a guide to security.

I am more insecure with security software so I have to force it to behave.

At the same time I wouldn't go without it.

All those ransomware attacks, botnets and malware breaches are worse than
any false positive.

Yet I really wish they would stop.

I manage a blog and a server on WordPress and do use security software.

And I haven't lost anything that wasn't supposed to be a problem, all my
files are there, no problem.

Yet in user computers companies think they can just do what they want.






On 8/02/2020 10:05 pm, zahra wrote:
> False positive and false negative are two of the main factors that I
> never trust and never use security programs, antivirus, antimalware,
> etc.
> Not sure about firewalls, but I never used and I am not familiar with
> their method and the level of their reliability.
> In the previous weeks, maybe in the first days of new year, I sent an
> offline email for you,
> but unfortunately I did not receive your reply and I am waiting for your answer!
> God bless you and thanks so much for your helpful replies as always.
>
> On 2/8/20, Shaun Everiss <sm.everiss@...> wrote:
>> Just about every antimalware program has this false positive.
>>
>> Kaspersky and a few others are supposed to be better.
>>
>> Anyway what I actually said was that these programs at least some of
>> them detect more false than well who knows.
>>
>> I have never got a virus in the last 10 years but I have got a lot of
>> false alarms.
>>
>> Not sure about Win8 etc., but yes you can exclude stuff you know is not a
>> problem.
>>
>> It would be good actually if you excluded the file you could report all
>> your excluded files to the maker like Microsoft and for each you could
>> state what it was, etc. and maybe get support on it.
>>
>> The issue I have and maybe others, is that while some of the stuff we
>> know about, I spend more time stopping false alarms than actual viruses.
>>
>> I am not sure if that's a good or bad thing but it's certainly stopped me
>> from getting any serious security software.
>>
>> If Windows Defender and Malwarebytes cause this much trouble with a
>> false positive, then I really don't want to know what a really good
>> antivirus will say.
>>
>> But basically everything on your system is a potential virus depending
>> on the detections and stuff used.
>>
>> And with the cloud-based AI, I doubt that at the automated level there
>> is much control.
>>
>> If you tell them they will fix the issue but there is no reason to think
>> it will stay fixed.
>>
>> As a result all the false alarms make the display of the software noisy.
>>
>> As I said, right now I have so many security holes in my computer caused
>> by so many folder excludes that if it wasn't for ransomware, I have half
>> a mind to exclude my entire hard drive or even disable the Windows
>> security subsystem.
>>
>> However there is always the if factor so I don't.
>>
>> I haven't run any full system scans in the last 10 years, and I haven't
>> run any malware software in the last 5 years simply because of this issue.
>>
>> With the so called intelligent stuff about bgt and maybe some older
>> software excluded, it seems that every software package needs a security
>> certification id or something and while it would be nice to get one, I
>> do wonder if I could get one myself for the purpose that the software I
>> have is not a problem or something.
>>
>> I know some say I am just unlucky, but on all my other systems without
>> blind games, blind software and blind accessible programs there are no
>> trojans at all and that in itself is a concern, no excludes on any of my
>> other systems yet.
>>
>> Maybe I may exclude NVDA just because I am concerned but still, maybe I
>> have over excluded because of all this going on.
>>
>>
>> On 8/02/2020 7:18 pm, zahra wrote:
>>> Shaun,
>>> did I understand it correctly?
>>> I think that antivirus programs, especially Microsoft products,
>>> scan the entire system and maybe remove our necessary and important
>>> files even maybe NVDA or even other files including html, docx, audio
>>> and video files?
>>> I remember that in one of the Iranian websites,
>>> someone recorded a tutorial which explained how to exclude our desired
>>> folders from scanning by Defender.
>>> His tutorial was for Windows 10.
>>> Does Windows Defender on Windows 8 and 8.1 do the same things, and
>>> may it remove our essential and important files without warning or
>>> informing us about this matter?
>>>
>>> On 2/8/20, Shaun Everiss <sm.everiss@...> wrote:
>>>> Yeah some of that software uses AutoIt and that is known to make
>>>> viruses.
>>>>
>>>> At any rate it's clunky and slow as a language so I wouldn't bother
>>>> using programs written in it but you should be able to exclude things.
>>>>
>>>> Yeah when Microsoft security etc. cleans things it turns user account
>>>> control on at 33% by default.
>>>>
>>>>
>>>>
>>>> On 8/02/2020 3:41 am, Ron Canazzi wrote:
>>>>> Hi Quenton,
>>>>>
>>>>> In addition, I always have Defender set to update to the latest
>>>>> version.  I have had odd issues with it in the past.  If you are
>>>>> familiar with Steve's Clock, Defender flagged that consistently. Even
>>>>> after I allowed it under Defender settings, every time Windows
>>>>> updates, it flags it again.  I had to go into the settings and
>>>>> manually exempt the Steve's clock folder from Defender scans. Even
>>>>> then, it always brings up User Account Control when I run it.  It
>>>>> never comes up in start up--even though I have it set to run at start
>>>>> up.  I have reported this to both the program developer and Microsoft
>>>>> with no change.  I  am glad that this isn't happening with NVDA on my
>>>>> system.
>>>>>
>>>>>
>>>>> On 2/7/2020 1:00 AM, Quentin Christensen wrote:
>>>>>> I believe this only affects Windows 10 at this stage?  Perhaps
>>>>>> Rosemarie and Ron are using Windows 7?  Or their Defender hasn't
>>>>>> updated to the latest definitions maybe?
>>>>>>
>>>>>> On Fri, Feb 7, 2020 at 4:30 PM Ron Canazzi <aa2vm@...
>>>>>> <mailto:aa2vm@...>> wrote:
>>>>>>
>>>>>>       Hi Group,
>>>>>>
>>>>>>       I also do not have this issue with RC3.
>>>>>>
>>>>>>
>>>>>>       On 2/7/2020 12:28 AM, Rosemarie Chavarria wrote:
>>>>>>>       Hi, Quentin,
>>>>>>>
>>>>>>>       I'm not having this problem on my system. I'm using espeak but I
>>>>>>>       wonder if I should use something else just to be on the safe
>>>>>>> side.
>>>>>>>
>>>>>>>       Rosemarie
>>>>>>>
>>>>>>>       *From:*nvda@nvda.groups.io <mailto:nvda@nvda.groups.io>
>>>>>>>       [mailto:nvda@nvda.groups.io] *On Behalf Of *Quentin Christensen
>>>>>>>       *Sent:* Thursday, February 6, 2020 8:14 PM
>>>>>>>       *To:* nvda@nvda.groups.io <mailto:nvda@nvda.groups.io>
>>>>>>>       *Subject:* [nvda] Windows defender marking NVDA a trojan
>>>>>>>
>>>>>>>       Hi folks,
>>>>>>>
>>>>>>>       It was NVDARemote the other week, now it seems it's our turn for
>>>>>>>       Microsoft's random unfounded accusations.  If you try to install
>>>>>>>       the release candidate of NVDA 2019.3, Windows Defender will
>>>>>>>       alert you it has found a trojan in eSpeak NG and blocked it.
>>>>>>>       The install of NVDA will fail.
>>>>>>>
>>>>>>>       As a workaround for now, you can create a portable copy of the
>>>>>>>       RC and that should run fine.  You won't be able to use eSpeak
>>>>>>> NG.
>>>>>>>
>>>>>>>       NVDA 2019.2.1 installs and runs fine, even using eSpeak NG (it
>>>>>>>       uses a different build of eSpeak NG).
>>>>>>>
>>>>>>>       I am not sure whether this affects Windows 7 users as well.  I
>>>>>>>       have reported it to Microsoft but I would encourage everyone
>>>>>>>       else to as well.  To be honest, even aside from it being our
>>>>>>>       program affected, this really annoys me.  Defender has NOT found
>>>>>>>       a trojan in eSpeak, its heuristic (machine learning) has guessed
>>>>>>>       that it looks a bit suspicious and flagged it - Ok that happens,
>>>>>>>       but say that, don't say absolutely that a known malicious
>>>>>>>       software has been found.
>>>>>>>
>>>>>>>       It took a day or so to fix Defender's virus list and have
>>>>>>>       NVDARemote cleared, so I expect it will probably be within about
>>>>>>>       the same timeline this time around. Apologies for the
>>>>>>> inconvenience.
>>>>>>>
>>>>>>>       --
>>>>>>>
>>>>>>>       Quentin Christensen
>>>>>>>       Training and Support Manager
>>>>>>>
>>>>>>>       NVDA 2019.3 rc2 now available for testing:
>>>>>>>
>>>>>>> https://www.nvaccess.org/post/nvda-2019-3rc2-now-available-for-testing/
>>>>>>>
>>>>>>>       Web: www.nvaccess.org <http://www.nvaccess.org/>
>>>>>>>
>>>>>>>       Training: https://www.nvaccess.org/shop/
>>>>>>>
>>>>>>>       Certification: https://certification.nvaccess.org/
>>>>>>>
>>>>>>>       User group: https://nvda.groups.io/g/nvda
>>>>>>>
>>>>>>>       Facebook: http://www.facebook.com/NVAccess
>>>>>>>       Twitter: @NVAccess <https://twitter.com/NVAccess>
>>>>>>>
>>>>>>       --
>>>>>>       They Ask Me If I'm Happy; I say Yes.
>>>>>>       They ask: "How Happy are You?"
>>>>>>       I Say: "I'm as happy as a stow away chimpanzee on a banana boat!"
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>
>>
>>
>