StandalonePsychoPy-2021.2.3-win64.exe triggers a Trojan:Win32/Vigorf quarantine

When downloading an older version i get a Trojan warning and Defender quarantines it. Not willing to try if it’s a false positive tbh although it is likely. Windows defender has a history of flagging this one but one never knows.
@jon I did install this before without this happening on the same system (I stupidly uninstalled this same version from the wrong laptop) could you check if something is amiss ?

thanks

Joost

Edit: I ran it though Malwarebytes and Crowdstrike and came up clean so I guess it’s a false positive

I certainly haven’t heard of anyone having trouble before so, and that file has been downloaded 48,410 times! If the file hasn’t been messed with on its way to you* then I think it’s probably a false positive

*check it has Open Science Tools code signature

Apparently there were a few similar triggers years back.

It only triggers on Windows Defender (apparently it can trigger on a C " Hello world" exe so anything halfway executable) and it quarantines it directly. So you have to un-quarantine it while you have an alternative scanner running as you really don’t want trojans on your system.

Thanks

J

Dear all,

I just wanted to follow up on this thread and say I encountered the same problem a few days ago.
After downloading the file .exe for the PC standalone version (2021.2.3), Windows Defender flagged it as a malicious file containing the Vigorf trojan. The virus and the file .exe were automatically removed by Windows Defender. I don’t know if it was a false positive (our IT department suggested that maybe that was the case), but I just wanted to let you know @jon that I encountered the same problem reported by @jriph.

Best,
Martina

Ps. I’m tagging our Lab Manager @BemboLab in this post so she can follow this thread.

FWIW I think Defender get triggered when you install from the downloads folder because when I run the same file from a different location it does not trigger defender.