Topic: Windows detect Virus XPE  (Read 161 times)

Windows detect Virus XPE
« on: October 23, 2020, 05:25:17 AM »

jtcom

  • Apprentice
  • *
  • Date Registered: Jul 2020
  • Posts: 5


builder xpe ERROR

Re: Windows detect Virus XPE
« Reply #1 on: October 23, 2020, 05:28:59 AM »

jtcom

  • Apprentice
  • *
  • Date Registered: Jul 2020
  • Posts: 5



????

Re: Windows detect Virus XPE
« Reply #2 on: October 23, 2020, 12:23:05 PM »

APT

  • Grand Chef
  • *****
  • winpe enthusiast
  • Location: UK
  • Date Registered: Nov 2012
  • Posts: 1150
Hi jtcom

you'll find one of the first instructions of all our help files is to make an AV exception for the Project folder because of  these well known false positives

regards APT
« Last Edit: October 23, 2020, 03:49:51 PM by APT »

Re: Windows detect Virus XPE
« Reply #3 on: October 23, 2020, 03:34:09 PM »

thaiteamz

  • Apprentice
  • *
  • Date Registered: May 2020
  • Posts: 7
Hi jtcom

you'll find one of the first instructions of all are help files is to make an AV exception for the Project folder because of  these well known false positives

regards APT


Thank you Sir

Re: Windows detect Virus XPE
« Reply #4 on: October 23, 2020, 04:28:20 PM »

APT

  • Grand Chef
  • *****
  • winpe enthusiast
  • Location: UK
  • Date Registered: Nov 2012
  • Posts: 1150
Hi thaiteamz

no problem, also quote from project author on GitHub

Quote
Note AV: By its nature, Win10XPE uses programs or applications which uses functions at the core of windows.
Some AntiVirus mark them as positive. These are false alarms.
An example with NitSoft's ProduKey to Recover lost Windows product key, 12 engines detected this file as Unsafe or Hacktool, that's not true.
You can read this blog written by the same author as ProduKey:Antivirus companies cause a big headache to small developers.
Blog written in 2009, the situation did not get any better.
It shouldn't be like that and it's really frustrating. The work of AV companies should be better.
They should be reprimanded for this, we are their customers.
I can only advise you to put an exclusion on the Win10XPE folder.
« Last Edit: October 23, 2020, 04:29:33 PM by APT »

Re: Windows detect Virus XPE
« Reply #5 on: November 10, 2020, 03:21:07 PM »

DocDJ

  • Jr. Chef
  • **
  • Date Registered: Dec 2016
  • Posts: 20
I'm running windows 10 pro X64 (Version 2004 - OS build 19041.572). Windows Defender reports that Trojan:Win32/CryptInject!ml has been found in the latest WIN10XPE download file. Is this an EXPECTED detection we should override? And what is to prevent the download file from being hacked to insert a REAL virus? OR can you post an SHA key for the ZIP file that we can use to verify it is valid, as many other sites do and allow us to tell our AV program to ignore it this time? And if we override it, what if it shows up from some OTHER source?  :confused:

Re: Windows detect Virus XPE
« Reply #6 on: November 10, 2020, 05:55:38 PM »

APT

  • Grand Chef
  • *****
  • winpe enthusiast
  • Location: UK
  • Date Registered: Nov 2012
  • Posts: 1150
Hi

Win10XPE_2020-11-01.7z

CRC32: D508F9CF
MD4: 0E42F8E88D91CD08E9B31F1A9B29A0CB
SHA-1: 8EA3A52FF0AAF321D8B60AFBF9FD723EE64EACE4
SHA-256: DEBC103E8AF68F7A4BB0052F25269A4C8D96B8B4F2E3AFA39DB2EDD329D1B81F

This comes up very frequently, we can assure you about false positives and the project author ChrisR is very conscious of security, just
this project alone has had 230K d/ls. As you know from the help files we advise you to make an AV exception for the project folder, but at the
end of the day, as with anything you d/l on the net, if you don't feel safe - don't use it.

ps:  but of course you're right to be cautious
« Last Edit: November 10, 2020, 06:36:40 PM by APT »

Re: Windows detect Virus XPE
« Reply #7 on: November 10, 2020, 07:53:25 PM »

DocDJ

  • Jr. Chef
  • **
  • Date Registered: Dec 2016
  • Posts: 20
Thanks so much for the keys. I've had to rebuild a coup[le of systems that got hit with ransom-ware so I am REALLY paranoid (of course, it isn't paranoia if they really ARE out to get you.) :lol:

 

Powered by EzPortal