Bug 794967 – Windows Defender reports Trojan Virus Win32/Azden.B!cl in gnucash-3.0.setup.exe

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 794967 - Windows Defender reports Trojan Virus Win32/Azden.B!cl in gnucash-3.0.setup.exe


Summary:	Windows Defender reports Trojan Virus Win32/Azden.B!cl in gnucash-3.0.setup.exe


Status:	RESOLVED NOTGNOME

Product:	GnuCash
Classification:	Other
Component:	Windows
Version:	3.0
Hardware:	Other Windows

Importance:	Low minor
Target Milestone:	future
Assigned To:	gnucash-win-maint
QA Contact:	gnucash-win-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2018-04-04 07:29 UTC by power
Modified:	2018-06-30 00:07 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Screenshots (51.46 KB, image/png) 2018-04-04 07:29 UTC, power	Details

Description power 2018-04-04 07:29:13 UTC

Created attachment 370517 [details]
Screenshots

Windows Defender detects Trojan:Win32/Azden.B!cl in gnucash-3.0.setup.exe.

Please consider the attached screenshots.

OS Name:                   Microsoft Windows 10 Pro, 64bit
OS Version:                10.0.16299 N/A Build 16299
Hotfix(s):                 10 Hotfix(s) Installed.
                           [01]: KB4053577
                           [02]: KB4054022
                           [03]: KB4056887
                           [04]: KB4057247
                           [05]: KB4058702
                           [06]: KB4074595
                           [07]: KB4087256
                           [08]: KB4088785
                           [09]: KB4090914
                           [10]: KB4088776

Comment 1 André Klapper 2018-04-04 12:28:28 UTC

Please provide a URL where you downloaded gnucash-3.0.setup.exe

Comment 2 power 2018-04-04 12:51:39 UTC

(In reply to André Klapper from comment #1)
> Please provide a URL where you downloaded gnucash-3.0.setup.exe

Download URL:
https://sourceforge.net/projects/gnucash/files/
-> then click on button "Download Latest Version"

This leads to:
https://sourceforge.net/projects/gnucash/files/latest/download?source=files

This leads to:
https://netix.dl.sourceforge.net/project/gnucash/gnucash%20%28stable%29/3.0/gnucash-3.0.setup.exe

I have just downloaded the file once again, still same behavior...

Thanks for your great work!

Comment 3 Frank H. Ellenberger 2018-04-04 13:28:38 UTC

Thank you for the report, but this is a "false positive" result of Windows Defender.

See e.g. https://www.virustotal.com/#/url/862271c3d2b8221ce7c887ffa719682f7049956dbec5b40735d0876e98c90a39/detection for more comprehensive results.

For former reports see the thread starting with
https://lists.gnucash.org/pipermail/gnucash-user/2018-April/075888.html

Microsoft's false-positive reporting facility number 82655139-6978-4eeb-80c2-7e1e72f820a6

Related: https://lists.gnucash.org/pipermail/gnucash-user/2018-April/075978.html - Gnucash 3.0 Microsoft Security Essentials Threat Detected
> Is there a way for the developers to have this file correctly
categorized/assessed by MSE?

So I will keep this open for the results of the register process, but reduce the importance.

Comment 4 Frank H. Ellenberger 2018-04-04 13:30:28 UTC

... and adjust the title.

Comment 5 John Ralls 2018-06-07 21:25:07 UTC

We never heard anything back from Microsoft about the false positive report, but we also had no reports of similar problems with Gnucash 3.1.

Comment 6 John Ralls 2018-06-30 00:07:08 UTC

GnuCash bug tracking has moved to a new Bugzilla host. This bug has been copied to https://bugs.gnucash.org/show_bug.cgi?id=794967. Please update any external references or bookmarks.