Posted August 22
The site is www.ssesetup.com. I am the owner of this site and of the SSE Setup software product, a known installer product, both of which have been around with good reputation for over 15 years. This site does NOT have any malware on it and never has. You previously blocked my site last year and I had to contact you and you have also incorrectly flagged my software in the past. I don't know what it is with your detection mechanisms, but you need to overhaul them... Thank you. -Chris Long, SSE Setup, www.ssesetup.com
in Website Blocking
Posted September 2, 2019
Hi, I've been alerted that my website www.ssesetup.com is being flagged by this extension. There isn't now nor ever has been any malware on the site. Appreciate this being looked into. Thanks, Chris Long, SSE Setup
in File Detections
Posted January 19, 2019
Thank you Mieke. In my limited re-testing this afternoon with my latest SSE Setup release, it looks like the problem is solved.
Posted January 17, 2019
I am the author of SSE Setup (www.ssesetup.com), a program installer/uninstaller. Your software is flagging all created Setup files that aren't signed as "MachineLearning/Anomalous.100%"
I have attached a ZIP with 4 different samples (2 full self-extracting installs, and 2 of just the Setup.exe that's detected) that are falsely detected, but you cannot just whitelist the individual files as created Setups could have different file properties (name, version info, etc.).
I have read your sticky forum post on Anomaly detections and as someone that's been dealing with Antivirus vendors since 2005 and has been a software developer much longer, I would take issue with several of your statements in that post. First, it is NOT true that signing has been standard for "decades". The practice of digitally signing didn't even begin to pick up any serious steam until 2006. Until Vista came on the scene with UAC very very few software developers even thought of bothering with signing, and it didn't become true common practice until around 2009-2010 (I know, I didn't even begin signing my own software until 2011), and there are still PLENTY of legitimate software packages out there that are not signed. You might not think that's wise or that you wouldn't want to install such software yourself, but there's plenty of other people that don't have as strongly of those concerns when downloading from reputable sites etc. No AV software should automatically assume that a file without digital signature is malware. In addition to that, you imply that your anomaly engine also sees both old versions of VB as well as executable packers as a sign of malware. While it IS true that some malware uses old versions of VB (which we both know you mean VB6), it's also true that malware uses LOTS of other development tools too, and it's also true that there is a huge amount of legitimate software out there in the wild that uses VB6. It's not just malware that uses it, but literally thousands and thousands of programs. It may be old, but it's still a popular and versatile environment and despite what you might think, there's still legit software being developed in it. As for executable packers, again, that is something that MANY legitimate software packages use. 
SSE Setup installers use the common UPX packer which has been used for 20+ years by all sorts of legitimate software (and which SSE Setup has used since 2005) and which most all AV products know is legit and not a reason to count negatively when figuring out potential malware. Malware authors don't usually bother with legit packers that are easily unpacked by most all AV products - they rely on custom-tweaked packers or obfuscators. In short, just because a program has or uses VB6, UPX, and isn't signed, does not mean it is malware or even most likely malware, and for the record I don't know of any other AV products' AI scanning engines that currently apply the weight to those things that your AI engine is seemingly applying (I know of several that USED to improperly weight those items but they fixed that years ago). Just because some malware authors use a tool that legit software also uses doesn't mean you penalize the legit software to try and catch the malware...
In any event, those are my general thoughts, but back to the immediate issue at hand - detection of SSE Setup installers. I can provide further info on how your software can specifically identify SSE Setup created installers if that will be of use, but would rather not post that info publicly - you can email me for that if that would help. I don't really care what your scanner does or doesn't do with its AI "try to guess malware" scanner as long as it leaves SSE Setup installers alone. Happy to help however I can. Thank you, Chris Long, developer of SSE Setup, www.ssesetup.com
Posted May 29, 2014
The user that reported this to me (with a screenshot) reports that the latest database no longer detects. It must have only occurred for a few days. You can delete this topic. Thank you for your quick response.
Posted May 25, 2014
I'm the developer of SSE Setup (www.ssesetup.com), a free and low-cost program installer. It has been reported to me that Malwarebytes is incorrectly detecting one component - a Setup install stub that is used in certain cases - as "Trojan.Shylock.XGen". I have attached the exact file to this issue inside the .ZIP file (password to open ZIP is "fp", minus quotes). In addition, you can download SSE Setup 7.4 from my site and install it. The file in question (Setup.exe) will be located in the Program Files\SSE Setup 7.4\Internal\RuntimeInstallStub folder.
SSE Setup developer