
WinToolkit from 1.7.0.1 to 1.7.0.8 to antivirus quarantine


mcluskyism


Hi everyone, I'm new to the forum, I hope I wrote in the appropriate one.
I wanted to point out that my company antivirus (Check Point Endpoint Anti-Malware Blade) identifies WinToolkit.exe as infected with UDS:Trojan.MSIL.Agent.gen and relegates it to quarantine.
This happens with the WinToolkit_1.7.0.7 version which is therefore unusable, while with the WTK_v1_1.7.0.0 version the same executable passes the control, and it works.
I would like to test the versions prior to 1.7.0.7 but the download link only points to the latest.
Where can I find intermediate versions? Or should I wait for the next one?
Feel free to offer me further suggestions, thanks and greetings


Good morning and welcome!

 

This is a "false positive", Microsoft Security Essentials identifies it too as a virus, but with another name, depending on the status of the definitions.

Does your antivirus have the possibility to set the program as OK? MSE has that possibility.

BTW, since yesterday the version 1.7.0.8 has been released; MSE does NOT identify this version as infected.

You can download the new version on win-unattended.de.

 


Hi Thiersee, good morning to you and thanks for the quick reply.
I'm pretty sure this is a false positive, and I downloaded the latest version you suggested, but unfortunately my company antivirus thinks that even version 1.7.0.8 contains the same virus, so it won't even let me unpack the archive. 
And no, the antivirus is activated by policies so I have no way even to stop it and pause it with the "classic methods" already tried ( wmic service ... call StopService | net stop ... | sc config ... start= disabled && sc stop ... | TASKKILL / F / IM ... ).
For now I return to the original version v1_1.7.0.0 but, if they were available, I would still be curious to test the intermediate releases from win-unattended.de
I would basically slipstream a Seven Starter ISO for an old netbook, and I'm working on a Windows 10 company laptop (at home I'm on Debian Stable).
Since I would just like to modify Seven and nothing else, do you think I could be happy to stay with the original v1_1.7.0.0 version, and drop the German releases?
Thanks again, regards


1 hour ago, mcluskyism said:

do you think I could be happy to stay with the original v1_1.7.0.0 version, and drop the German releases?

There is no German version of WTK! Or what do you mean?

Intermediate releases:

Silly me, I have them :rolleyes:!

If you want I can upload them on mega.nz and give you the link.

Anyway, in the last days I couldn't have the 1.7.0.7-EXE on my PC, MSE did identify it as a virus; after the MSE update of yesterday it hasn't been identified as a virus anymore, and the 1.7.0.8 too.

Ciao.


34 minutes ago, Thiersee said:

There is no German version of WTK! Or what do you mean?

Hello, and sorry! I mean win-unattended.de branch development.

36 minutes ago, Thiersee said:

If you want I can upload them on mega.nz and give you the link.

Thank you, you would be very kind if you could, so I could test from when the false positive appeared.

Cheers 😁


8 minutes ago, mcluskyism said:

Hello, and sorry! I mean win-unattended.de branch development.

Thank you, you would be very kind if you could, so I could test from when the false positive appeared.

Cheers 😁

OK!

Here is the link

https://mega.nz/#!mKxDBYKZ!QFMsT2jhV8_CvXTOVq8h3Q-Cj7-oTf5biTWuw1C5BYc

Tell me when you have downloaded it, then I'll pull it down from mega.nz.


  • mcluskyism changed the title to WinToolkit from 1.7.0.1 to 1.7.0.8 to antivirus quarantine

Hi to all, unfortunately I Get No Joy ... all releases of WinToolkit from 1.7.0.1 to 1.7.0.8 are presumed infected, according to my company antivirus.
I am still convinced that this is a false positive, but for now I am screwed.
BTW, my goal ATM is to modify only a copy of Seven Starter ... in your opinion, maybe the original v1_1.7.0.0 could suffice?
Thanks anyway for all the support, and greetings to the whole forum 😉


  • 4 weeks later...

Hi all,

I'm having the same problem. McAfee Endpoint Security claims WinToolkitRunOnce.exe to be the Trojan. It quarantines it and there is no way to set it as positive.

Running WinToolkit 1.7.0.8, had the same result with 1.7.0.7. I'll try with the version 1.7.0.0 and report back.

Tom

Edit: Version 1.7.0.0 still running smoothly, no complaints about trojans

 


Hi PapoPorz, and welcome to the same boat 😅 indeed, thank you for having fully identified the "culprit".

So, any suggestions from the developers? I'm still on v1_1.7.0.0 ATM.

Thank you 😉

 
