Windows Defender Malware detection (false positive)

@JamO Hello, congratulations on your hard work.
Unfortunately, I can’t test MG3 at the moment because the download is blocked: “virus detected”.

Oh no. It’s a completely new build machine and of course we are very careful to not get infected. I guess it’s a false positive reported because the binary is new and not signed. But I’ll examine this now. What kind of AV reports this?

@JamO
Windows Defender

Trojan:Win32/Phonzy.B!ml

This program is dangerous and executes commands from a malicious person.

Items affected: E:\DL\MIDIGuitar3Installer3.0.49.exe

webfile: E:\DL\MIDIGuitar3Installer3.0.49.exe|about:internet|pid:15976,ProcessStart:133629133685970024

EDIT: on another web browser, there’s just one difference:
Items affected: C:\Users\Admin\Downloads\rFsiFutW.exe.part

Thank you for reporting. This obviously stresses me, and of course I’ll be terribly sorry to infect anyone.

I just completed a scan with the Microsoft scanner with nothing found. Did this arise when you ran the installer or when you downloaded it? What version of Windows?

I also had a positive in the Windows antivirus with the installer, reporting Trojan:Win32/Phonzy.B!ml
I scanned it in VirusTotal and 5 of 74 AVs reported a virus:
Elastic: Malicious (moderate Confidence)
Google: Detected
MaxSecure: Win.MxResIcn.Heur.Gen
Microsoft: Trojan:Win32/Phonzy.B!ml
SecureAge: Malicious
The other 69 AV engines (which include all the well-known companies) reported 0 viruses.
It seems to be a false positive.
But as I trust you, I disabled the AV to be able to install it. :sweat_smile:

Windows 11 Pro 23H2 Build 22631.3737
The file is blocked during download. Access to the programme is not possible, as it does not appear in the download folder.

If it is not signed, the file is still downloaded and all you have to do is authorise its execution.

I think it must be a false positive, but to be honest I don’t feel 100% confident yet. I’m on the same Windows build as you. What browser do you use?

Tested on Brave, Firefox and Edge
No other security programs other than those built into Windows.
Full scan performed: no other threats detected

Did those who successfully installed MG3 run a Windows security scan after installing MG3? If not, it would be worth doing so to find out more about this virus problem.

I finished a full scan now on the development machine and no detections. Now scanning with another Microsoft tool and also on another machine. Edit: No detections.

I have tried to download it on my 3 other computers: the file is blocked on 3 computers (Windows 11) but it is downloaded correctly on the fourth (Windows 10).
The protection on this computer is up to date as on the others.
The only difference with the others is that it uses Win10 as it is not compatible with Win11. There is the normal unsigned file warning and MG3 is installed.

The PC scan does not detect any threats. So it’s almost certainly a false positive.

Ole: I’ve never doubted the care you take in your work and the precautions you take, so don’t feel sorry for yourself because it’s not your fault. :wink:

It’s a false positive. The executable (which is the only file in the installer) is all safe according to all these 74 different scanners:

Full list:

I’m just replacing the installer with a simple zip file, containing the same executable in the download post. Please try to see if that downloads for you.

As a further sanity check I just tried to make a new installer where I changed the version number to 3.0.50 (just to change the hash of the installer file) and as expected, it came out with no issues in VirusTotal, which strongly indicates it was a random clash and false positive. I have reported this to Microsoft.

I’ll make sure all forthcoming updates make an installer that comes through cleanly.

I’ve just replied about the false positive and I’m waiting for your link, but even if it’s still blocked I’ll deactivate Defender to get it back. I’ll keep you posted.

I can confirm that on Windows 10 Home, I get “No current threats” when scanning the folders where I copied the installer executable to. I’ll report back once I download and check on my Windows 11 system later today.
I did not have any warnings when I installed last night. The only thing was I clicked outside of the activation popup after entering the code so I had to go through that twice to get it activated.

@JamO I copied the MG3 executable from my Win10 PC to my Win11 PC after deactivating the antivirus, I ran MG3 and it opened without a problem.
I reactivated the antivirus and no threat was detected. So the problem is that Windows’ real-time protection has a false positive…
I can start testing.

Here is a Win 10 scan; hope it’s helpful.
There are two files. Are these the same beta version? One is a direct link to the EXE, the other a ZIP. Which is the most current? ~ Thanks

  1. Download link MIDI Guitar 3.0.49 for Windows, early BETA
    https://www.jamorigin.com/downloads/latest/MIDIGuitar3Installer3.0.49.exe

  2. https://jamorigin.com/downloads/latest/MIDIGuitar3Win.zip

Malwarebytes scan

It’s the same exe file. The hash of the exe file is the same as in my post above.

Hello. I downloaded and installed the MIDI Guitar 3 for Windows Beta. (MIDIGuitar3Installer3.0.49.exe) After running it one time my Malwarebytes application reported a ransomware attempt from the MG3 application.

To be clear, the installer ran without issue. After running the installed application and “Scan for plug-ins”, the application seemed to time out and said “Thank you for testing”. I closed the application and on the second run it was quarantined.

Please advise

Windows 11
Focusrite Scarlett

It’s a false positive, as discussed above.

The reason apparently has to do with how the installer compressed the exe file.

Please download the .zip file instead:

https://jamorigin.com/downloads/latest/MIDIGuitar3Win.zip