StandalonePsychoPy-2021.2.3-win64.exe triggers a Trojan:Win32/Vigorf quarantine

When downloading an older version I get a Trojan warning and Defender quarantines it. Not willing to try if it’s a false positive tbh although it is likely. Windows Defender has a history of flagging this one but one never knows.
@jon I did install this before without this happening on the same system (I stupidly uninstalled this same version from the wrong laptop). Could you check if something is amiss?

thanks

Joost

Edit: I ran it through Malwarebytes and Crowdstrike and it came up clean so I guess it’s a false positive

I certainly haven’t heard of anyone having trouble before, and that file has been downloaded 48,410 times! If the file hasn’t been messed with on its way to you* then I think it’s probably a false positive.

*check it has the Open Science Tools code signature

Apparently there were a few similar triggers years back.

It only triggers on Windows Defender (apparently it can trigger on a C "Hello world" exe so anything halfway executable) and it quarantines it directly. So you have to un-quarantine it while you have an alternative scanner running as you really don’t want trojans on your system.

Thanks

J

Dear all,

I just wanted to follow up on this thread and say I encountered the same problem a few days ago.
After downloading the .exe file for the PC standalone version (2021.2.3), Windows Defender flagged it as a malicious file containing the Vigorf trojan. The virus and the .exe file were automatically removed by Windows Defender. I don’t know if it was a false positive (our IT department suggested that maybe that was the case), but I just wanted to let you know @jon that I encountered the same problem reported by @jriph.

Best,
Martina

P.S. I’m tagging our Lab Manager @BemboLab in this post so she can follow this thread.

FWIW I think Defender gets triggered when you install from the downloads folder because when I run the same file from a different location it does not trigger Defender.

Hi everyone,
I just received the same Trojan:Win32/Vigorf.A warning for the 2022 standalone installer .exe file, which I downloaded and installed 2 years ago!! Is there any update on this? Windows Defender has removed the file from my computer, but the file has been on my computer (and installed) for 2 years. Is it a confirmed false positive? Bit scary.

Thanks,
Julia

**edit - my installation doesn’t have any digital signatures. I downloaded it from the PsychoPy website 2 years ago. Could my trojan warning be legitimate?

**edit 2 - ohh wait, I just realised that you meant to check the .exe file’s digital signature, not the actual installation files. Windows Defender removed the .exe file, so I can’t check that file anymore. I’m going to uninstall this older version of PsychoPy, just in case. But I’m still wondering if there is any update regarding why this is triggering Trojan warnings and if there is any likelihood it is real?

I just had the same issue with Version 2021.1.4-win64.exe.

I’m still very confident this is a false positive, assuming the installer exe file you have is the copy that was signed by Open Science Tools:

  • From a web search it sounds like false positives for Vigorf.A are quite common
  • Nobody has reported a suggested positive from any other virus scanner despite being installed on tens of thousands of computers (that means Sophos, CrowdStrike, Malwarebytes, Norton, McAfee,… all think it’s safe)

I would recommend that you scan with an up-to-date dedicated virus scanner (Sophos, CrowdStrike

One suggestion (from Dell regarding a similar false positive) is to update your Windows Defender because it may be the false positive has been corrected in their database by now.

Seemingly we could submit the file to Microsoft for analysis but it seems that

Unfortunately a) it says it can’t take files over 500mb and b) I can’t easily do this myself because we don’t use Microsoft Defender (we use Sophos and CrowdStrike)

Last recommendation is to upgrade to the 2024.2.4 version (using py3.8 for backwards compatibility with your existing studies) because that doesn’t generate these false positives.

Thanks!
Jon
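
One way to do the signature check this thread keeps coming back to, as an added PowerShell example that is not part of any post here or of the PsychoPy project. The function name `Test-InstallerSignature` is hypothetical, and the publisher string "Open Science Tools" is taken from the thread's wording; the exact certificate subject is an assumption to confirm against a copy you already trust.

```powershell
# Added example: inspect the Authenticode signature of a downloaded installer.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: publisher name as written in the thread, matched as a substring.
        [string] $ExpectedPublisher = 'Open Science Tools'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Defender may already have quarantined or removed the file.
        throw "File not found (quarantined or removed?): $Path"
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $cert = $sig.SignerCertificate
    $subject = if ($cert) { $cert.Subject } else { '' }
    $publisherMatch = $subject -like "*$ExpectedPublisher*"

    [pscustomobject]@{
        File           = (Resolve-Path -LiteralPath $Path).Path
        SHA256         = $hash
        # Valid        = signed, chain trusted, file unchanged since signing
        # NotSigned    = no embedded signature at all
        # HashMismatch = file contents changed after it was signed
        # NotTrusted   = signed, but the chain is not trusted on this machine
        Status         = $sig.Status
        StatusMessage  = $sig.StatusMessage
        SignerSubject  = $subject
        Thumbprint     = if ($cert) { $cert.Thumbprint } else { $null }
        Timestamped    = [bool] $sig.TimeStamperCertificate
        PublisherMatch = $publisherMatch
        # Both conditions must hold before treating the file as the publisher's copy.
        SignatureOk    = ($sig.Status -eq 'Valid') -and $publisherMatch
    }
}

# Usage (file name from the thread title; adjust the folder to where your copy is):
# Test-InstallerSignature -Path "$env:USERPROFILE\Downloads\StandalonePsychoPy-2021.2.3-win64.exe"
```

A `Valid` status with a matching publisher only shows the file is unchanged since it was signed; it is separate from any scanner verdict. A substring match on the subject is a weak check, so compare the thumbprint and SHA256 against a copy you trust where possible.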

v2022.1.3 triggers the same warning (was trying to reinstall it to collect some more data for a previous study but Windows Defender won’t allow the install and removes the file promptly).

Are you able to submit the file to Microsoft for analysis as a False Positive?

I mean, I’d love to know why these things are getting incorrectly classified in the first place but maybe this is the way to get them correctly (de)classified

Actually I might be able to do this myself despite not having Windows Defender. The question is which product is it that’s reporting the positive? Defender Antivirus for Win11?