1a2m3 / SPD-Reader-Writer

SPD Reader & Writer with Software Write Protection capabilities supporting Arduino and SMBus
https://forums.evga.com/m3053544.aspx
GNU General Public License v3.0

Chrome and Windows blocking download of 20230205 #34

Open avtech23 opened 1 year ago

avtech23 commented 1 year ago

I have tried to get the 20230205 release, but Chrome refuses to download it, saying it is dangerous.

I force Chrome to keep the file and Windows Defender snaffles it up straight away, saying that it contains wacatac.h !ml trojan.


1a2m3 commented 1 year ago

I see. Firefox is also suggesting it is a potentially unsafe file.

That's a false positive. There is no malicious code in SPD-RW.

The program uses a loader to launch the GUI module stored in resources in gzip-compressed format.

During startup, the main GUI module is decompressed into memory, then it is loaded using the Assembly.Load method, and finally the original GUI program is loaded using the MethodBase.Invoke method, calling the GUI's Main() method.

Similar techniques can be used by malicious software to hide its main payload to avoid signature-based detection, so antiviruses are most likely using heuristic analysis to mark the program as unsafe.

As a temporary solution (until the new release is ready), I can suggest temporarily disabling the antivirus while downloading, or downloading it using another browser, and adding the extracted contents to your antivirus exclusion/safe list.
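A triage sketch for the loader layout described in the comment above, added here as an example and not part of SPD-RW or the original post: it scans a file's bytes for gzip streams that inflate to a PE image, which is the packed-payload shape the comment says heuristics react to. The function names and the sample bytes are constructed for illustration.

```python
import gzip
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=8 (deflate)


def looks_like_pe(data: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_gzip_embedded_pe(blob: bytes, max_out: int = 64 << 20):
    """Return [(offset, inflated_size)] for gzip streams in blob that inflate to a PE.

    max_out caps the inflated size so a hostile sample cannot exhaust memory.
    """
    hits = []
    pos = blob.find(GZIP_MAGIC)
    while pos != -1:
        inflater = zlib.decompressobj(wbits=31)  # 31 selects the gzip container
        try:
            out = inflater.decompress(blob[pos:], max_out)
        except zlib.error:
            out = b""  # magic bytes occurred by chance; not a real stream
        if looks_like_pe(out):
            hits.append((pos, len(out)))
        pos = blob.find(GZIP_MAGIC, pos + 1)
    return hits


def constructed_sample() -> bytes:
    """Constructed input: a text resource, a stray magic, and a gzip-wrapped PE stub."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\x00\x00"
    text = gzip.compress(b"plain text resource, not an executable")
    return b"HDR" * 5 + text + b"\x1f\x8b\x08junk" + gzip.compress(bytes(stub)) + b"END"


if __name__ == "__main__":
    for offset, size in find_gzip_embedded_pe(constructed_sample()):
        print(f"gzip stream at 0x{offset:x} inflates to a {size}-byte PE image")
```

A hit says only that an executable is stored compressed inside the file; it does not tell a benign loader from a malicious one, which is why the same layout produces false positives.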

avtech23 commented 1 year ago

Thanks for the swift reply.

I thought that it was the case that WD is giving false positives, but thought I'd let you know in case others are being prevented from using your awesome tool.

I have force-downloaded it into an excluded folder and it finally ran once I got past the 'smart screen' block.

1a2m3 commented 10 months ago

New version posted: 20230930

To address false AV positives, I decided not to use the loader this time and replaced the WinRing0 driver with the CPUID driver.