
sent me an email on Sunday about the issue that had been bugging him for several days. I had already pointed out this phenomenon in my German blog, in the post Windows 11: Defender meldet RAR-Archive als Trojaner "Wacatac.H!ml" (Windows 11: Defender reports RAR archives as the Trojan "Wacatac.H!ml").



Windows users are not getting any peace of mind regarding Microsoft Defender. Windows' built-in Defender has once again attracted attention because it was classifying various files or URLs as malicious and denying access.

Microsoft's own description of how Defender assigns reputation explains part of this. Microsoft said developers should beware of using file obfuscation, being installed in non-traditional install locations, and using names that don't reflect the purpose of the software, traits often found in malware. "When programs employ malware-like techniques, they trigger flags in our detection algorithms and greatly increase the chances of false positives."

Another indicator Microsoft uses is the reputation of other programs the file is associated with: what the program installs, what's installed at the same time as the program, or what's seen on the same machines as the file. "Not all of these associations directly lead to detections. However, if a program installs other programs or files that have poor reputation, then by association that program gains poor reputation," said Microsoft.

The same logic applies to code-signing certificates. If a file gains a poor reputation (for example, by being detected as malware), or if the certificate was stolen and used to sign malware, then all of the files signed with that same certificate inherit the poor reputation, which might also see them tagged as malware.

Microsoft notes: "We thus advise developers to not share certificates between programs or other developers. This advice particularly holds true for programs that incorporate bundling or use advertising or freemium models of monetization. Reputation accrues: if a software bundler includes components that have poor reputation, the certificate that bundler is signed with gets the poor reputation."
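As an added practical check (my own script, not code from the original post or from Microsoft), the PowerShell audit below walks a product's install directory and reports the signals described above that can be measured locally: an install location outside the usual roots, binaries that are unsigned or not validly signed, the certificate thumbprints in use (so that one certificate covering bundled third-party components stands out), a crude byte-entropy heuristic for packed or obfuscated files, and any Defender detections already recorded against that path. The list of "traditional" install roots and the 7.2 bits-per-byte entropy threshold are my assumptions, not thresholds published by Microsoft; the "misleading name" signal cannot be judged automatically and is not checked.

```powershell
# Added example, not from the original post or from Microsoft.
# Audits an install tree for the reputation signals Microsoft describes:
# install location, signature state, certificate reuse, obfuscation, and
# Defender's own detection history. Run in an elevated PowerShell on Windows:
#   .\Audit-InstallTree.ps1 -InstallDir 'C:\Program Files\Vendor\Product'
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallDir
)

# Assumption: these count as "traditional" install roots. Microsoft publishes
# no such list; this is a pragmatic choice for the audit.
$traditionalRoots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    $env:ProgramData,
    (Join-Path $env:LOCALAPPDATA 'Programs')
) | Where-Object { $_ }

$EntropyThreshold = 7.2   # assumption, not a Microsoft threshold

# Crude obfuscation/packing heuristic: Shannon entropy (bits per byte) of the
# first $MaxBytes of the file. Compressed or encrypted payloads sit near 8.0;
# ordinary PE code and data usually sit well below 7.
function Get-ByteEntropy {
    param([string]$Path, [int]$MaxBytes = 256KB)
    $buf = New-Object byte[] $MaxBytes
    $fs = [System.IO.File]::OpenRead($Path)
    try { $n = $fs.Read($buf, 0, $MaxBytes) } finally { $fs.Dispose() }
    if ($n -eq 0) { return 0.0 }
    $counts = New-Object int[] 256
    for ($i = 0; $i -lt $n; $i++) { $counts[$buf[$i]]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) { $p = $c / $n; $h -= $p * [Math]::Log($p, 2) }
    }
    return [Math]::Round($h, 2)
}

$resolved = (Resolve-Path -LiteralPath $InstallDir).Path

# 1. Install location: anything outside the roots above is "non-traditional".
$inTraditionalRoot = $traditionalRoots | Where-Object {
    $resolved.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase)
}
if (-not $inTraditionalRoot) {
    Write-Warning "Install location '$resolved' is outside the usual install roots."
}

# 2. Signature state, signing certificate and entropy per binary.
$report = Get-ChildItem -LiteralPath $resolved -Recurse -File -Include *.exe, *.dll, *.sys, *.msi |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path       = $_.FullName
            Status     = $sig.Status
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
            Entropy    = Get-ByteEntropy -Path $_.FullName
        }
    }

$report | Where-Object { $_.Status -ne 'Valid' } |
    ForEach-Object { Write-Warning "Not validly signed ($($_.Status)): $($_.Path)" }

$report | Where-Object { $_.Entropy -ge $EntropyThreshold } |
    ForEach-Object { Write-Warning "High entropy ($($_.Entropy) bits/byte), possibly packed or obfuscated: $($_.Path)" }

# One certificate over a product's own binaries is normal. The case Microsoft
# warns about is the same certificate also covering bundled third-party or
# advertising components, so list every certificate with the files it covers.
"`nCertificates in use under $resolved (review which components share them):"
$report | Where-Object Thumbprint | Group-Object Thumbprint | ForEach-Object {
    [pscustomobject]@{
        Thumbprint = $_.Name
        Signer     = $_.Group[0].Signer
        Files      = $_.Count
    }
} | Format-Table -AutoSize

# 3. What Defender has already recorded against this tree. Get-MpThreat maps a
# ThreatID to its name (for example the Wacatac.H!ml name mentioned above).
if (Get-Command Get-MpThreatDetection -ErrorAction SilentlyContinue) {
    $names = @{}
    Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }
    Get-MpThreatDetection |
        Where-Object { $_.Resources -match [regex]::Escape($resolved) } |
        ForEach-Object {
            [pscustomobject]@{
                Detected  = $_.InitialDetectionTime
                Threat    = $names[$_.ThreatID]
                Resources = ($_.Resources -join '; ')
            }
        } | Format-Table -AutoSize
}
```

The entropy check is only a hint: legitimately compressed resources (installers, embedded archives) also score high, which is exactly why an installer bundled in a RAR or MSI can look "packed" to a heuristic. The Defender query at the end requires the Defender PowerShell module, which is present on Windows 10/11 but not on systems running a third-party antivirus in place of Defender.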
