[BUG] - Running it, and my Bitdefender say its a Threat...

Question

[BUG] - Running it, and my Bitdefender say its a Threat...

Manniala opened this issue 10 months ago · comments

Description

A few days ago i downloaded your app, and my Bitdefender was NOT happy, i than scanned it with 2 sites, results are in link.

https://www.virustotal.com/gui/file/7f7615cf59317fc73ba9b40a62194051d3890b2c3e0f3f8252e178981ba42301/detection

https://sandbox.pikker.ee/analysis/4422836/summary/

Its not a clean result, but its also not all to scary.

Also Scanned it with MalwareBytes, but that say its clean, not sure why Bitdefender is yelling out that its not, you can always send it to them, and let them know, might be they can do something, so its not getting this message.

Reproduction steps

No response

Image file

Version

1.3.4

OS

Windows

Tool

A1111's webUI

Rhys Yang · Answer 1 · Sun Nov 26 2023 23:33:18 GMT+0800 (China Standard Time)

Thank you for your feedback. Just as I mentioned in the readme

Malware Alert
The false positive reported by some anti-malwares is caused by the packaging tool pyinstaller which is a common issue for pyinstaller users. I spent a lot of time trying to fix the Windows Defender false positive before, but I couldn't do it for every antivirus software. So, you can either trust Windows Defender or use the instruction for Linux users to use this app.

Previously, MalwareBytes would also prompt a malware alert #8 , but then one day it just stopped appearing, and I have no idea why.

If you're still concerned about the safety of the exe, you can follow this instruction to install using pip

Manniala · Answer 2 · Mon Nov 27 2023 08:40:33 GMT+0800 (China Standard Time)

Ah i were not, since the app had been up for so long, i would had thought people with a loooot of more knowledge, would had screamed out, and it would also not had been on Civitai, i just made the tests, to see what other AV... would say to it..

And i think the MalwareByte part, when enough false positives are coming in, they may change the detection, like you said in the read-me, pyinstaller may just have forced MalwareByte creators, to look into it, and than wrote some exceptions, to avoid people getting "scared".

I have send the info to Bitdefender, ask them to look into this, not sure if they do, but if enough is writing, they may do something.

Will suggest other that use Bitdefender to do the same here, it takes less than a minute, you can use the message below to just paste in if you want (comment box)

https://www.bitdefender.com/consumer/support/answer/29358/

Pick False Positive (in Category), Your Name and Email, URL use one of the 2 below, or send the .exe file up to you which you pick, copy paste the message and "I'm not a robot" and Submit.

I am getting a false positive, from the App "Stable Diffusion Prompt Reader", which can be found on the following sites:

GitHub
https://github.com/receyuki/stable-diffusion-prompt-reader

Civitai
https://civitai.com/models/36852/stable-diffusion-prompt-reader

And looking under FAQ: https://github.com/receyuki/stable-diffusion-prompt-reader#faq
Malware Alert
The false positive reported by some anti-malwares is caused by the packaging tool pyinstaller which is a common issue for pyinstaller users. I spent a lot of time trying to fix the Windows Defender false positive before, but I couldn't do it for every antivirus software. So, you can either trust Windows Defender or use the instruction for Linux users to use this app.

If you could look into this, i bet I'm not the only one that get this, and some may be scared about such warnings, which is a shame.

And thx for the reply, and the App ofc :)

Rhys Yang · Answer 3 · Tue Nov 28 2023 21:05:48 GMT+0800 (China Standard Time)

I have reported the false positive to Bitdefender. let's see if that helps.

Rhys Yang · Answer 4 · Mon Dec 11 2023 19:59:41 GMT+0800 (China Standard Time)

@Manniala Are you still receiving false positive alerts?

Manniala · Answer 5 · Mon Dec 11 2023 23:48:34 GMT+0800 (China Standard Time)

Hey, i have just tried to remove it from "exclude" in Bitdefender Total Security, and i do not get any more notice about Malware :)

This is with v.1.3.4.post1 for Windows.

Did you change something, or did Bitdefender ?

Rhys Yang · Answer 6 · Tue Dec 12 2023 00:15:31 GMT+0800 (China Standard Time)

Wow! I thought I would need to reapply for v1.3.4.post1, but it looks like Bitdefender has made some changes.

I’m not sure what will happen when I update some modules. But anyway, this is good news.

Manniala · Answer 7 · Tue Dec 12 2023 00:23:03 GMT+0800 (China Standard Time)

I can try to see if i can remember to update frequently, and give a shout if something is popping up again.

But for now, Bitdefender is not yelling out, and lets hope that new modules wont change anything, but hard to say when you or i do not know, how they stopped Bitdefender from the false positive.

[EDIT] Have just put my self on notifications, for new releases, may help me "remember" to update :)

Rhys Yang · Answer 8 · Fri Dec 15 2023 17:01:02 GMT+0800 (China Standard Time)

If everything goes as planned, v1.4.0 will be the next version (although post1 was an unexpected version). However, I’ve been really busy lately and have only completed 30% of the code for v1.4, so don’t expect any updates anytime soon :(

Manniala · Answer 9 · Sun Mar 17 2024 12:15:53 GMT+0800 (China Standard Time)

Hmm, for some reason Malware Byte decided that it was a Malware, i had not updated it, i had used it a lot and Malwarebyte never had anyproblem, until now.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/17/24
Protection Event Time: 5:10 AM
Log File: 4f7d09d2-e414-11ee-ae14-04d9f53756cf.json

-Software Information-
Version: 4.6.9.314
Components Version: 1.0.2276
Update Package Version: 1.0.82228
License: Trial

-System Information-
OS: Windows 11 (Build 22631.3296)
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
Malware.AI.3403143567, F:\Programs\SD Prompt Reader.exe, Quarantined, 1000000, 0, 1.0.82228, 43DEF883C2C9D480CAD7D98F, dds, 02739021, 16E978F7BB30054B5AB4E6FD030E6ADF, C53A1F30B11C76FB00F847E6514196070A7EB9676A6508BD6E59C6B5F5E9011E
(end)

Thought you may want to know.

Manniala · Answer 10 · Sun Mar 17 2024 12:21:12 GMT+0800 (China Standard Time)

Hmm, just downloaded the newest version again, and this time Bitdefender started.

Malicious application detected on your device
Feature:
Antivirus

The app F:\Programs\SD Prompt Reader.exe infected with Gen:Suspicious.Cloud.8.Wm4@a4Lkodki was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.

But restoring it, and than scan it say its clean, not sure why both MalwareByte and Bitdefender is acting up :D

Rhys Yang · Answer 11 · Sun Mar 17 2024 18:06:27 GMT+0800 (China Standard Time)

Thank you for letting me know. Just like before, the only thing I can do is submit false positive reports. I should be releasing v1.3.5 within a few days, so I will submit the false positive reports at that time.

Manniala · Answer 12 · Sun Mar 17 2024 18:09:08 GMT+0800 (China Standard Time)

Yeah, not sure what and why it decided that this time it must had been a virus/Malware, i had ran it many times before, and than i download a new version, and gets the report, i restore it, and scan it, than none of them say anything.

I tried to scan my whole system, but found nothing, so not really sure what is happening :)

And thx :)

Rhys Yang · Answer 13 · Sun Mar 17 2024 18:16:46 GMT+0800 (China Standard Time)

Perhaps someone created a virus using the same version of the packaging tool that I use? lol