RestoreWindowPos v0.18.0 false positive


Crozzers

The program was flagged as "Agent.Spyware.Stealer.DDS" when uploaded to VirusTotal as part of the Chocolatey package approval flow.

It's an open source Python project which is bundled into an executable using PyInstaller. I use NSIS to create an installer out of the bundled executable. Here are the relevant source files used in this process:

I've attached the file in question to this thread (checksum).

 

It would be great if the false positive form didn't autoclose tickets if your email doesn't have a subscription associated with it, seeing as my profile is starting to look like a spam bot.

RestoreWindowPos_install.zip


On 10/23/2023 at 10:14 PM, Porthos said:

Are you referring to the email help desk?

No, I was referring to the support form here: https://support.malwarebytes.com/hc/en-us/requests/new.

I appreciate this is a product help form as well as a false positive report form, but most AV companies have a FP form that doesn't require you to have a license for that particular AV product.


5 hours ago, Crozzers said:

but most AV companies have a FP form that doesn't require you to have a license for that particular AV product

This forum is the official place to report False positives.

If the support desk did not auto-close the ticket due to no license, they would have sent you here anyway.

