SyMenu - General discussion & questions - Win10 Defender reports Symenu.exe as a trojan

SyMenu - General discussion & questions - Win10 Defender reports Symenu.exe as a trojan - Messages https://ugmfree.it/forum/messages.aspx?TopicID=442 SyMenu - General discussion & questions - Win10 Defender reports Symenu.exe as a trojan - Messages en-us http://blogs.law.harvard.edu/tech/rss Tue, 23 Aug 2016 06:31:42 GMT Tue, 23 Aug 2016 06:31:42 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from eson Druuge wrote:

Would this response be inappropriate to share on here? I would be interested in reading it even though Symantec isn't necessarily the top authority in this space.

No, I can share. I just wanted to avoid feeding the trolls, because the answer I got wasn't very encouraging,
Well, today (after sending a response in pretty harsh terms) I got another responding email about the same issue, where they apparently changed their mind, so I'll just share them both.

First answer 22-08-2014:

In relation to submission [3987131].
Upon further analysis and investigation we have determined that the following file(s) meet the necessary criteria to be detected by our products and, as such, the detection(s) cannot be revoked:
Filename: SyMenu.exe
MD5: 1E368E21909456F52B8CC7EB3F5B0B6C
SHA256: 57D16BC4F7A14C788783DB112D73B38F36F4B6A227EF8DDC49C681DFE6336285

Second answer 23-08-2014:

In relation to submission [3987131].
Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:
Filename: SyMenu.exe
MD5: 1E368E21909456F52B8CC7EB3F5B0B6C
SHA256: 57D16BC4F7A14C788783DB112D73B38F36F4B6A227EF8DDC49C681DFE6336285
Result:
Whitelisting for above file is available in Rapid Release definitions with a sequence number of 180095 or greater.

edited by eson on 23/08/2016]]> Tue, 23 Aug 2016 06:31:42 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from Druuge
EDIT: eson wrote:

I just received an answer from Symantec. Forwarding it to you. Maybe you can respond from that answer.

Would this response be inappropriate to share on here? I would be interested in reading it even though Symantec isn't necessarily the top authority in this space.
edited by Druuge on 23/08/2016]]> Tue, 23 Aug 2016 02:42:33 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from eson Mon, 22 Aug 2016 11:58:48 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from Gianluca The problem started with version 5.03 and I didn't introduce anything suspect in that version.

I'm enquiring some AV to understand which particular byte sequence is activating the alert. From a byte sequence I can reverse engineer my software to understand which part of the source code is responsible for that. But I strongly doubt that someone will reply.]]> Mon, 22 Aug 2016 11:54:30 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from eson Sure, recompiling will work for a day or two, as you get new hashes for every recompile, but that is hardly the final solution.

Gian, do you have any idea about what component in SyMeny is causing this mess?
edited by eson on 22/08/2016]]> Mon, 22 Aug 2016 11:43:37 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from Gianluca
This false positive issue is totally crazy.

I've just recompiled the same exactly code for the 5.04 and released it again to the web site and incredibly the VirusTotal report is now completely ok:

https://www.virustotal.com/en/file/ce7738efc9ba1d4a67e0c1d1f4e587278a2576802f739b6ab3c9740157308bf5/analysis/

My guess is that in some days the AV software start again to consider SyMenu the most wanted threat on earth and put it in their blacklists.
Guys it's a problem for conspiracy fans here... or for AV experts.
I've tried to ask for tips to some AV support contacts but it seems they have better things to do.
Indeed me too.
So let's see the next evolution and please give me any suggestion to workaround this problem.

Thanks!]]> Mon, 22 Aug 2016 11:13:25 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from timrray Fri, 19 Aug 2016 20:09:05 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from lupusbalo JUST REMOVE YOUR STUPID AVs (1)

AND INSTALL SYMENU

(1) or add an exclusion to prevent symenu from being scanned
edited by lupusbalo on 19/08/2016]]> Fri, 19 Aug 2016 12:07:41 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from cristov http://www.ugmfree.it/SyMenuDownload.aspx. There is also warning on http://alternativeto.net/software/symenu/.
edited by cristov on 17/08/2016]]> Wed, 17 Aug 2016 18:24:17 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from KoolPal Failed - Virus detected

Please review and advise how to use this awesome app!]]> Wed, 17 Aug 2016 16:48:18 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from Gianluca Sorry but I'm unarmed in front of a false positive report.]]> Tue, 02 Aug 2016 22:09:55 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from otz https://www.virustotal.com/ru/file/a3fcff6acbd06dd442a888a84e0785707c8f287429da41ff344bdbc9c151a4e5/analysis/]]> Tue, 02 Aug 2016 10:55:04 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from Gianluca MS idea's? The same smile

https://www.microsoft.com/en-us/security/portal/submission/SubmissionHistory.aspx?SubmissionId=ad17b39d-947f-43bc-be08-b698e6ac8c62]]> Mon, 01 Aug 2016 10:26:02 GMT https://ugmfree.it/forum/messages.aspx?TopicID=442 Message from Druuge I downloaded it from a few mirrors (majorgeeks, etc) and got same result:

Here's a link to info about the trojan: https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/Skeeyah.A!rfn

Thoughts? Ideas? Concerns?]]> Mon, 01 Aug 2016 10:13:25 GMT