Erriez SysEx MIDI-IO app almost impossible to install/use with BitDefender constantly deleting #25
Comments
|
@OriginalMossMan Thanks for your time reporting this issue. The goal of this project is publishing a useful open source MIDI tool without intention to include malware. Converting the Python code to a binary Windows executable is the tricky part which may result in in false positives with some virusscanner/malware detection applications such as Bitdefender. This is a known issue as described in the README.md. I can provide you some guidelines what I did to minimize risk:
A quick scan on Windows 11 with latest updates did not report issues:
If you find any malware (not false positive), please let me know and I'll take action. If you still don't trust the executables, I recommend to build the application from source. When you convert to an executable, you may encounter false positives as well. I hope this explains that the project contains good intentions. |
|
On 12 October 2024 12:00:43 BST, Erriez ***@***.***> wrote:
@OriginalMossMan Thanks for your time reporting this issue. The goal of this project is publishing a useful open source MIDI tool without intention to include malware. Converting the Python code to a binary Windows executable is the tricky part which may result in in false positives with some virusscanner/malware detection applications such as Bitdefender. This is a known issue as described in the [README.md](https://github.com/Erriez/midi-sysex-io/blob/main/README.md#false-positives-virusscanners).
I can provide you some guidelines what I did to minimize risk:
- As you already discovered, the Python code of this project is clean.
- The used packages listed in `requirements.txt` are regularly updated and scanned via [Github dependabot.yml](https://github.com/Erriez/midi-sysex-io/blob/main/.github/dependabot.yml).
- The generated executables are built via Github Actions and includes a sha1 checksum in the [build logs](https://github.com/Erriez/midi-sysex-io/actions/runs/10255574967) and [release page](https://github.com/Erriez/midi-sysex-io/releases). This way you can verify that the executables are uploaded via Github.
- The build process uses Nuitka tooling which confirmed to be an issue generating [false positives](Nuitka/Nuitka#1470).
A quick scan on Windows 11 with latest updates did not report issues:
If you find any malware (not false positive), please let me know and I'll take action.
If you still don't trust the executables, I recommend to build the application from source. When you convert to an executable, you may encounter false positives as well.
I hope this explains that the project contains good intentions.
--
Reply to this email directly or view it on GitHub:
#25 (comment)
You are receiving this because you were mentioned.
Message ID: ***@***.***>
Thanks for the confirmation. I also sent a false-positive report to BitDefender, so hopefully they will confirm and fix.
…--
Geoff Morris
|
Version
master
Description
v1.0.1 - BitDefender constantly blocks and deletes every single (temporary) file while trying to install or run the standalone program. Reported as Gen:Variant.Lazy.608271
I hope this is a false positive and not actual malware! It seems to be in the Windows packaging as there are no notifications if I download and browse the source.
Testcase
In Windows, install Bitdefender then try to install or run the SysEx app. You will encounter pop-ups announcing quarantine at every action.
Sketch
Logs
Checks
Export restrictions.
The text was updated successfully, but these errors were encountered: