This repository has been archived by the owner on Apr 25, 2024. It is now read-only.

[false flag] v. 0.2.14 Setup.exe claims win32:malware-gen #94

Open
Baraz-Siriel opened this issue Sep 11, 2017 · 7 comments
Comments

@Baraz-Siriel

Baraz-Siriel commented Sep 11, 2017

Avast blocked that download, luckily! It detected win32:Malware-gen.

More specifically, the version packed in ...Setup.exe.

The manual install folder seems clear. Both Avast antivirus (free) and EMSIsoft Emergency Kit detected nothing for the file Articulate.exe in the no-installer version of v. 0.2.14.

Date: Sept. 11, 2017

@notheotherben
Collaborator

Hi Baraz,

Unfortunately it's a side effect of some of the code we use to enable the Push to Talk functionality, as well as to inject your spoken commands into ArmA. You can find more information in #89 if you're interested, but the short version is that it's a false-positive heuristic detection (hence the "gen(eric)" tag).

@Baraz-Siriel
Author

Baraz-Siriel commented Sep 11, 2017

EDIT: I was writing this at the same time you posted...

In sum: yet the normal Articulate.exe, without the Setup.exe, is cleared without a problem.

Anyhow, the normal version (non-installer) is fine for me. I just manually activate the software and it should work fine in-game.

@notheotherben
Collaborator

That is very odd; can you try testing both on VirusTotal and see what results you get? I seem to recall that Articulate.exe did get detected there for the same reasons but didn't raise any alarms on your machine (it would just not work correctly unless you whitelisted it in your antivirus, failing to send commands to ArmA).

@Baraz-Siriel
Author

Baraz-Siriel commented Sep 11, 2017

OK. It got 6 out of 64. Only three flagged red (and one is just moderate).

  • AegisLab : Gen.Variant.Johnnie!c - malicious (moderate confidence)
  • McAfee : Artemis!A9D068A8802C
  • Palo Alto Networks : generic.ml - static engine - malicious
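The thread's triage logic (hash the exact artefact, look it up on VirusTotal, and treat "gen"/"generic"/ML-style verdicts differently from a named family signature) can be made repeatable. The script below is an added example written for this page; it is not code from the Articulate project or from anyone in this thread. It assumes the VirusTotal v3 report shape (`data.attributes.last_analysis_results`, a mapping of engine name to `{"category": ..., "result": ...}`), and the sample report in it is constructed from the detection strings quoted above plus placeholder engines, not a real response for any Articulate build. The marker list used to classify a verdict as generic/heuristic is a heuristic of its own and is an assumption.

```python
"""Triage helper for a suspected antivirus false positive (added example).

1. Hash the installer and the bare executable locally (SHA-256) so the exact
   artefact can be looked up on VirusTotal by hash instead of re-uploaded.
2. Summarise a VirusTotal v3 `last_analysis_results` mapping, separating
   named family signatures from generic / heuristic / ML-only verdicts.
"""
import hashlib
import re
import sys

# Assumption: these tokens usually mark a heuristic, generic, cloud-reputation or
# machine-learning verdict rather than a signature for a known malware family.
GENERIC_MARKERS = re.compile(
    r"(\bgen\b|generic|malware-gen|\.ml\b|heur|artemis)", re.IGNORECASE
)


def sha256_bytes(data):
    """SHA-256 hex digest of an in-memory buffer (used by sha256_file and tests)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so a large Setup.exe does not sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def is_generic_verdict(result):
    """True if an engine's result string looks heuristic/generic rather than named."""
    return bool(result) and GENERIC_MARKERS.search(result) is not None


def summarize_results(last_analysis_results):
    """Summarise VirusTotal v3 `last_analysis_results` (engine -> verdict dict)."""
    named, generic, clean = [], [], []
    for engine, verdict in sorted(last_analysis_results.items()):
        if verdict.get("category") in ("malicious", "suspicious"):
            bucket = generic if is_generic_verdict(verdict.get("result")) else named
            bucket.append((engine, verdict.get("result")))
        else:
            clean.append(engine)
    return {
        "total": len(last_analysis_results),
        "flagged": len(named) + len(generic),
        "named": named,
        "generic": generic,
        "clean": len(clean),
    }


def triage(summary, max_generic_ratio=0.1):
    """Coarse label for the summary. Threshold is an assumption, not a standard."""
    if summary["flagged"] == 0:
        return "clean"
    if summary["named"]:
        return "named-signature"          # at least one engine claims a known family
    if summary["flagged"] / summary["total"] <= max_generic_ratio:
        return "generic-only"             # few engines, all heuristic: consistent with a false positive
    return "broad-heuristic"              # many heuristic hits: still needs manual analysis


# Constructed sample: the three VirusTotal verdicts quoted in this thread, the
# Defender name from the last comment, and placeholder engines to reach 64 total.
VT_ONLY_RESULTS = {
    "AegisLab": {"category": "malicious", "result": "Gen.Variant.Johnnie!c"},
    "McAfee": {"category": "malicious", "result": "Artemis!A9D068A8802C"},
    "Palo Alto Networks": {"category": "malicious", "result": "generic.ml"},
}
for _i in range(61):
    VT_ONLY_RESULTS[f"PlaceholderEngine{_i:02d}"] = {"category": "undetected", "result": None}

SAMPLE_RESULTS = dict(VT_ONLY_RESULTS)
SAMPLE_RESULTS["Microsoft"] = {"category": "malicious", "result": "Trojan:Win32/Tilken.B!cl"}


if __name__ == "__main__":
    # Usage: python triage_av.py Setup.exe Articulate.exe
    for path in sys.argv[1:]:
        print(f"{sha256_file(path)}  {path}")
    s = summarize_results(SAMPLE_RESULTS)
    print(f"{s['flagged']}/{s['total']} flagged -> {triage(s)}")
    for engine, result in s["generic"]:
        print(f"  generic : {engine}: {result}")
    for engine, result in s["named"]:
        print(f"  named   : {engine}: {result}")
```

Print the hashes for both the installer and the bare Articulate.exe and look each up by hash; if the two differ in verdicts, that alone tells you the installer wrapper, not the program, is what trips the engines. A "generic-only" label is consistent with a heuristic false positive but does not prove one; a named family verdict (as in the Defender name reported later in this thread) is the point at which to stop trusting the maintainer's explanation and inspect the binary yourself.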

@notheotherben
Collaborator

Ah, that's excellent, sounds like they're slowly improving the heuristic detection. In that case I think your solution of using the Non-Installer version should be perfect, please let me know if you run into any issues at all with it.

@Baraz-Siriel
Author

cool

Baraz-Siriel changed the title from "Pre-release v. 0.2.14 has win32:malware-gen" to "[false flag] v. 0.2.14 Setup.exe claims win32:malware-gen" on Sep 11, 2017.

@pnmcosta

On Windows 10, Defender is detecting it as Trojan:Win32/Tilken.B!cl.


3 participants