Virus in exported .exe file

  • Hi!


    Non-graphical user here - just IT dude :)


    An exported Enscape file have some sort of "virus" in it, and I ran in on the interwebs:

    https://www.virustotal.com/da/…e3a1/analysis/1498639666/

    (4/61) and it seems non-critical.


    But nonetheless our AV (Symantec) reacts on the file.


    In these days (and 20 years back) sending an .exe file and relying on people opening .exe files is NOT a good idea. Every computer user should know that opening .exe files from other people is a no-go.


    So we ask for Enscape to develop a viewer and their own file extension other than .exe :)


    And we ask why some AV will see the .exe file as a virus?


    Best regards,


    Martin

  • Every exe that is generated by Enscape is different (different content inside), that is why we can't digitally sign them in advance. A viewer that is digitally signed and a "project file" may be a solution, but involves an installation step which also needs an exe file to be executed.


    Nowadays, Anti-Virus softwares do not just compare EXE files to their list of existing malware, they also try to find patterns that look suspicious in the code. Sounds as if it does not work reliably? Exactly. The steps where we extract the compressed 3D content is sometimes considered as suspicious.


    We can't do something very quickly here, but we'll keep an eye on finding a suitable solution.

  • Hi Thomas!


    Just wanted to say thanks for response!


    But an installer for a viewer that is signed, makes much more sense, instead of sending "random.exe" files.

    Especially for us IT dudes regarding safety issues :)


    And yes, AV software looks for patterns and sometimes get a false positive - we use Symantec.

    (and as you can see in the link in the first post, three other AV finds something as well)


    Best regards,


    Martin

  • Solution;

    Make a folder on your PC that isnt scanned/ignored by your virus checker. No issues at all afterwards. We also usually take the Laptop with us to meetings, and dont send the files to clients as their PCs are not usually capable of using Enscape.

  • Solution;

    Make a folder on your PC that isnt scanned/ignored by your virus checker. No issues at all afterwards. We also usually take the Laptop with us to meetings, and dont send the files to clients as their PCs are not usually capable of using Enscape.

    Unfortunately this is not a viable solution for this firm. Is there any update to Enscape's team stating that they were working on this known issue a while ago? We commonly use other real-time rendering engines in conjunction and those are able to successfully sign the output - albeit the executables seem wrapped.

    Is this something that is being considered?


    Thanks

  • Actually, could you take it a step further and submit the file as safe to Cylance? When I get a false positive using Symantec, I can either locally whitelist the file or submit it Symantec for evaluation. That said, none of the .exe I've created with Enscape ping Symantec.

  • We work on a web based solution that should solve this problems.

    Thanks for the prompt response Thomas. Do you have an ETA on this solution?


    Actually, could you take it a step further and submit the file as safe to Cylance? When I get a false positive using Symantec, I can either locally whitelist the file or submit it Symantec for evaluation. That said, none of the .exe I've created with Enscape ping Symantec.

    Thanks Jeff. Well I wish that this did work for us but each time the file is different and the only way that we could work around this is making Cylance set to 'Alert Only' which would leave the entire firm at risk.