Winstep

Software Technologies


 Winstep Forums


Print view
Board index : Winstep Forums : General Discussion  [ 8 posts ]
Author Message
 Post subject: Windows Defender false positive for NextSTART on Windows 10
PostPosted: Fri Dec 29, 2017 4:21 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Thu Feb 26, 2004 8:30 pm
Posts: 11930
It seems Windows Defender is reporting a false positive for v17.12 of NextSTART.exe on Windows 10 and automatically deleting the executable.

I already reported it to Microsoft, but now we must wait for them to look into it and update the online definitions of Windows Defender.

In the mean time, here is what you need to do to solve the issue:

1. Go to the Windows Start Menu and open the Windows Defender Security Center.

2. Click 'Virus & threat protection'.

3. Click 'See threat details'.

4. You should see an entry saying 'Trojan:Win32/Azden.A!cl'. Click on it.

5. In 'Action Options' select 'Allow on device'

6. Click 'Start Actions' button above.

7. You should get an 'Allow threats' dialog. Click the 'Allow' button.

8. Click OK in the UAC prompt.

NextSTART.exe is now removed from quarantine and you can run it normally.

-----

Just in case you're curious, here are the VirusTotal results for NextSTART.exe and the other Winstep executables. Out of over 60 different AV engines only eGambit (never heard of it) finds anything suspicious. Obviously a false positive as well:

NextSTART v17.12 VirusTotal results

WorkShelf v17.12 VirusTotal results

Nexus Ultimate v17.12 VirusTotal results

Nexus v17.12 VirusTotal results

Sincerely, sometimes I think some of these AV engines create a lot more problems than they solve. Sigh. :twisted:

In the mean time, and until I hear back from Microsoft with a resolution, I removed Winstep Xtreme from the update list so it's not picked up by the Winstep Update Manager. They were quite fast responding when this happened with the beta - let's hope they're even faster this time around. Unfortunately we then have to wait even longer for the Windows Defender online definitions database to be updated.

_________________
Jorge Coelho
Winstep Xtreme - Xtreme Power!
http://www.winstep.net - Winstep Software Technologies


Back to top
 Profile WWW 
 
 Post subject: Re: Windows Defender false positive for NextSTART on Windows
PostPosted: Fri Dec 29, 2017 4:52 am 
Offline

Joined: Tue Mar 01, 2016 11:46 am
Posts: 568
winstep wrote:

4. You should see an entry saying 'Trojan:Win32/Azden.A!cl'. Click on it.

isnt that a to general exception? ie wouldnt it allow a true trojan of that name too?

dont use defender, but most of AV software (if not all) had more specific filters for exceptions


Back to top
 Profile  
 
 Post subject: Re: Windows Defender false positive for NextSTART on Windows
PostPosted: Fri Dec 29, 2017 5:05 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Thu Feb 26, 2004 8:30 pm
Posts: 11930
I think you can click on details and it will THEN name the NextSTART executable. But yes, it's VERY stupid that it doesn't do that in the first place.

Well, that's modern Microsoft for you. Winstep software never had trouble with Windows Defender until now, and, from what I have just been reading online, it seems Defender is reporting a LOT of FALSE positives lately.

Since Defender runs on basically every Windows 10 machine, doesn't even give the user an option and immediately deletes the file, that's not good: it basically blocks the software from running on all Windows 10 machines.

Now I feel as if I have to ask permission from Microsoft before making a new release - if I already didn't like the direction they were taking before... lets say I'm not exactly a happy camper at the moment. Was forced to halt the Winstep Xtreme update because of this.

Funny thing, it's their Cloud protection/definition that seems to cause the problem. The Client itself sees nothing wrong.

_________________
Jorge Coelho
Winstep Xtreme - Xtreme Power!
http://www.winstep.net - Winstep Software Technologies


Back to top
 Profile WWW 
 
 Post subject: Re: Windows Defender false positive for NextSTART on Windows
PostPosted: Fri Dec 29, 2017 12:46 pm 
Offline
Site Admin
Site Admin
User avatar

Joined: Thu Feb 26, 2004 8:30 pm
Posts: 11930
Ok, issue has been resolved and the Cloud definition of Windows Defender no longer detects NextSTART as malware, so I have resumed the update.

Something that puzzles me is why would NextSTART be considered a threat but WorkShelf is left alone. This because WorkShelf does everything NextSTART does and much more, while NextSTART doesn't even connect to the Internet.

I have a theory: I think Defender keeps track of all the programs running out there on Windows 10 user's machines, and somewhere out there, there is a cracked/pirated version of Winstep Xtreme where NextSTART.exe has been deliberately infected with malware. This raises a flag to the 'nextstart.exe' filename in Defender's Cloud database, which then makes it suspicious of the legit version.

Just a theory, though. Especially because flagging files as malware based on the filename alone would be pretty stupid - but one never knows. :P

_________________
Jorge Coelho
Winstep Xtreme - Xtreme Power!
http://www.winstep.net - Winstep Software Technologies


Back to top
 Profile WWW 
 
 Post subject: Re: Windows Defender false positive for NextSTART on Windows
PostPosted: Fri Dec 29, 2017 6:22 pm 
Offline

Joined: Wed Aug 05, 2009 3:47 pm
Posts: 914
Jorge, I did read this thread, but I figured it didn't apply to me because I have Windows Defender turned off. I've had that piece of crap turned off for years. It does nothing but causes problems.

After my last visit, I see that you posted that you disabled the update.

I just had to manually check and the update is now available. I'm about to install it now.


Back to top
 Profile  
 
 Post subject: Re: Windows Defender false positive for NextSTART on Windows
PostPosted: Fri Jan 19, 2018 10:47 am 
Offline

Joined: Fri Jan 19, 2018 10:44 am
Posts: 2
Windows Defender has a long history of flagging harmless software as malware. Try disabling it to solve the issue you're experiencing.


Back to top
 Profile  
 
 Post subject: Re: Windows Defender false positive for NextSTART on Windows
PostPosted: Wed Nov 28, 2018 5:29 pm 
Offline

Joined: Wed Nov 28, 2018 5:18 pm
Posts: 1
Windows defender is not the best software. I have tested it in so many ways, and as IT security expert, I would reccomend to dissable it and use other security solution. To my personal opinion, Bitdefender and Avast is much better solutions than Windows Defender.


Back to top
 Profile  
 
 Post subject: Re: Windows Defender false positive for NextSTART on Windows
PostPosted: Thu Nov 29, 2018 2:34 pm 
Offline

Joined: Wed Aug 05, 2009 3:47 pm
Posts: 914
I totally agree Windows Defender is garbage. I have it disabled and any PC that I do malware and program fixes on, I tell the person that I disabled it.

I then install Avast as the antivirus program. I've been an Avast user for years. Now, with that being said, there is an issue with Winstep updates and Avast.

It flags any update beta or otherwise as potentially malicious, blocks the update from installing, does a scan and sends a report which later on comes back as okay. So, anytime I get an update, I disable Avast before installing it. However, that doesn't totally solve the problem. Once I reenable it after the update is installed, it will do the scan and sometimes block Winstep until later on Avast finds that it's okay.

I've asked Jorge a couple of times if he has contacted Avast to whitelist it, but he never answered back. I'm surprised I never got a reply.


Back to top
 Profile  
 
Post new topic Reply to topic Board index : Winstep Forums : General Discussion  [ 8 posts ]
Display posts from previous:  Sort by  

Who is online

Users browsing this forum: Google [Bot] and 59 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron