Updated detected with Virus
Hi,
I don't know if BI has a virus, but when I downloaded the latest update Microsoft (built in AV product) told me it had the Trojan:JS/Denali.A!ml.
the further details provided were:
containerfile: \\<removed>\update32.exe
file: \\<removed>update32.exe->(CABSfx)->ui3.zip->applet/loginScripts.js
webfile: \\<removed>update32.exe|https://blueirissoftware.com/50/update3 ... 1865602996
Can I have it confirmed that the update file is safe to use?
thanks
Re: Updated detected with Virus
details details details
1. Where did you get the update? Via the BI update button, or, manual download?
2. What AV are you using?
Re: Updated detected with Virus
Hi doverton,
Please also send an email to support, as this is mainly a user to user forum, with a bit of assistance from support! It IS the official BI forum though.
We ALL need to know if there is an issue with updates, so please let us know what you find.
Forum Moderator.
Problem ? Ask and we will try to assist, but please check the Help file.
Re: Updated detected with Virus
Hi,
I e-mailed support at the same time I posted to the forum, but I've not had a response, so I can't say what a formal response is.
I got the update file by downloading manually, however the update inside the product also got the same reaction from Microsoft Defender, the AV product that flagged the file loginscript.js when I tried to install the update.
I'll see if I can get another AV product to scan the file.
thanks
Re: Updated detected with Virus
Hi,
the response I got from support was as follows:
Hello David
The EXE files are passing here. Latest virus definitions.
The .JS is a script file used by the UI3 browser interface. This also does not trigger Windows Defender here. Next steps:
You can install UI3 directly from the developer, you don't have to use the version in Blue Iris, although it should be the same:
https://github.com/bp2008/ui3
I will have a closer look at that .JS file, but I'm certain it's not being used maliciously, and this is a false positive.
Thanks
Ken
Upon further investigation I found the following:
1) The file on GitHub (loginscript.js) is identical text to the one provided by Blue Iris.
2) There is a difference in whether the file uses LF or CRLF (Unix vs Dos) text file difference
3) If I take the GitHub file and reformat it to include CRLF, the file fails MS anti-virus tests
4) The GitHub file has not changed in a year, so I agree, this is possibly a false positive.
I'll let you know what else I can find.
thanks
David
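The comparison in findings 1) to 3) above, as an added example that is not part of the original thread and not Blue Iris or UI3 code: it distinguishes a shipped file that is byte-identical to upstream, one that differs only in line endings (so its hash changes although the text does not), and one whose content really differs. The function names and sample bytes are constructed for illustration.

```python
import hashlib

def eol_style(data: bytes) -> str:
    """Classify line endings as 'CRLF', 'LF', 'mixed' or 'none'."""
    crlf = data.count(b"\r\n")
    lf = data.count(b"\n") - crlf
    if crlf and lf:
        return "mixed"
    if crlf:
        return "CRLF"
    return "LF" if lf else "none"

def normalize_eol(data: bytes) -> bytes:
    """Convert CRLF and lone CR to LF so only the text content remains."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")

def compare(shipped: bytes, upstream: bytes) -> dict:
    """Compare a vendor-shipped file with the upstream copy of the same file."""
    result = {
        "shipped_eol": eol_style(shipped),
        "upstream_eol": eol_style(upstream),
        "shipped_sha256": hashlib.sha256(shipped).hexdigest(),
        "upstream_sha256": hashlib.sha256(upstream).hexdigest(),
        "first_diff_line": None,
    }
    a, b = normalize_eol(shipped).split(b"\n"), normalize_eol(upstream).split(b"\n")
    if shipped == upstream:
        result["verdict"] = "byte-identical"
    elif a == b:
        result["verdict"] = "same text, line endings differ"
    else:
        result["verdict"] = "content differs"
        # 1-based number of the first mismatching line, as a starting point for review
        diffs = [n for n, (x, y) in enumerate(zip(a, b), 1) if x != y]
        result["first_diff_line"] = diffs[0] if diffs else min(len(a), len(b)) + 1
    return result

# Constructed sample data, not the real loginScripts.js
UPSTREAM = b"function login() {\n  return true;\n}\n"
SHIPPED = UPSTREAM.replace(b"\n", b"\r\n")       # same text, DOS line endings
MODIFIED = SHIPPED.replace(b"true", b"false")    # a real content change

if __name__ == "__main__":
    for name, blob in (("shipped", SHIPPED), ("modified", MODIFIED)):
        print(name, compare(blob, UPSTREAM))
```

A "same text, line endings differ" verdict supports the false-positive reading; "content differs" means the flagged file should be reviewed from the reported line before any detection is overridden.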
- kayfersmum
Re: Updated detected with Virus
I have also been receiving these messages when trying to download the update. Happened again this morning. Will email support.
Oh, and my hard disk filled up again today
Re: Updated detected with Virus
Somewhat troubling this one. I have sent a message to support to see if they can check
Forum Moderator.
Problem ? Ask and we will try to assist, but please check the Help file.
Re: Updated detected with Virus
Hi,
I opened two cases with Microsoft today to get this checked out. The files have been determined by Microsoft as false positives. The confirmation of this can be seen at the locations below. Initially the files were being detected as having Trojan code, but once they had been processed they were marked as Malware free:
October 25, 2019 ba256513-6954-4bf4-bf36-4d23f10b12ca update32.exe Completed https://www.microsoft.com/en-us/wdsi/su ... 23f10b12ca
October 25, 2019 b424f610-8424-44fe-82d1-54b344386a91 loginscripts.js Completed https://www.microsoft.com/en-us/wdsi/su ... b344386a91
The comment from Microsoft after my submissions was as follows:
We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
3. Run "MpCmdRun.exe -SignatureUpdate"
I found that the 1st command would not work without first disabling the real time engine in Windows Defender.
I hope that helps anyone else who is having this challenge.
David
- kayfersmum
Re: Updated detected with Virus
Here’s the response I received from Ken. Very prompt, I’m the slow one today! I haven’t attempted it again since
There is a .JS (Javascript) file used by UI3 (the browser interface) which apparently is being caught as a false-positive.
This may also have been impacted by the expired code-signing certificate. That was corrected with 5.0.5.2.
Please attempt to install the update once again and it is safe to override the .JS file warning.
Thanks
Ken
Re: Updated detected with Virus
Good work everybody
It's BI update time in Robin Hood land. 5.0.5.2 installed with no warnings. Malwarebytes didn't raise any issues.
Make sure you have unticked "Automatic download and install"
Forum Moderator.
Problem ? Ask and we will try to assist, but please check the Help file.