
False Positive: Cygwin Installer (AGAIN!)


swwright

I am presently using Malwarebytes Anti-Ransomware (BETA) 0.9.16.484.

Cygwin have released a new version of their installer: version 2.875.  I downloaded it, I ran it, and MBARW stomped on it.  Again.  Same as it did with version 2.874.  Whatever you did to make it not stomp on 2.874, does not work with 2.875.

Worse, MBARW stomped on the Cygwin installer while it was updating packages.  Cygwin is presently unusable.  MBARW not only falsely stopped a useful program, it BROKE the useful program.

I'm going to go back to my former practice: when I update Cygwin packages (which is done via their installer), I will disable MBARW first.  Then enable it when I'm done.

Attached please find the MBARW logs, taken after I rebooted my PC.  Also please find the "Malwarebytes Anti-Ransomware" folder, both before the reboot and after.  The two sets of files are different in number and in content, so I'm sending them both.   Finally, please find a ZIP archive of the Cygwin installer, version 2.875.  Which you people claim is dangerous.  I disagree.  At present, I must regard MBARW itself as more dangerous.

logs.zip

Malwarebytes Anti-Ransomware-BeforeReboot.zip

Malwarebytes Anti-Ransomware.zip

setup-x86-2.875.exe.zip


Hello swwright and welcome back:

I sympathize with you and I certainly do understand your frustration concerning the Cygwin installs.  Please be assured, this situation is a priority with the MBARW Beta developer team.

Available data strongly suggests a false positive, and since the following pathname has been entered in MBARW GUI -> Exclusions, and the binary has been uploaded to the developers, please allow the entry to remain until you are requested to remove it:

                         D:\Cygwin\install\setup-x86-2.875.exe

Reference: https://www.virustotal.com/file/2089243a77b5cae12a9fc6bf8710c95d655c27d20a4965b3355027f469d43184/analysis/ Unsigned

Please note: For your system's safety, if the protections of MBARW Beta, in the Windows system in question, are going to be suspended during any installer/setup process, I personally recommend the installer/setup executable be made to pass a stringent external vetting process that minimally involves a submission to VirusTotal.com.

At any time, a MBARW development team member, QA team member or Staffer may request the above temporary exclusion be altered/deleted.

Thank you for beta testing MBARW and your valuable feedback.


OK, I ran the installer past VirusTotal.com.  VirusTotal uploaded the installer, and informed me it had already been analyzed, with a score of 0 / 56.  It was first analyzed about ten hours before I typed this sentence (at 2016-08-31 15:36:16 UTC).

So I instructed VirusTotal to analyze the file again.  They ran the file I uploaded through 56 antimalware tools, and again reported a score of 0 positives from 56 different tools.

 
