The MASM Forum

Projects => MASM32 => AV Software sh*t list => Topic started by: hutch-- on May 26, 2012, 12:32:55 AM

Title: Have you experienced problems installing masm32 with lousy AV products ?
Post by: hutch-- on May 26, 2012, 12:32:55 AM
A perennial problem with the low end of AV software is the generation of false positives with their heuristic scanners. While the high quality end of the AV market rarely ever generates problems of this type, others appear to have never read the Microsoft Portable Executable specifications and attempt to reduce the specification to a subset of what they are able to comprehend.

The MASM32 project over its 10 year history has always been built in an isolated environment from its original source code and it has been installed successfully on millions of computers over that 10 year period without ever having contained a virus or trojan. The example code is supplied in assembler source code format so the content of the binaries that are built from that source code is exhaustively known.

If you have experienced a problem while installing the MASM32 Project, please report it in this subforum complete with the AV product's name, version and any work around or settings change you have needed to make a successful installation.

AVG has known problems when installing MASM32.
Avira has triggered false positives when installing MASM32.

Solution, if you cannot set these AV products to avoid false positives, get another one that does.
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Vortex on May 26, 2012, 04:02:44 AM
Hi Hutch,

I am using Avira on my development computer. It's true that it catches some executables in the Masm32 folder but the AV does OK in general. I ignore those false positives.
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: shantanu_gadgil on May 28, 2012, 07:34:36 PM
Hi Hutch,

I am using Avira on my development computer. It's true that it catches some executables in the Masm32 folder but the AV does OK in general. I ignore those false positives.

Same here, I too use AVIRA Free edition on my Home PC. It flags a few binaries which, I too, ignore!  :biggrin:

BTW, this is "my post immediately after signup" !!!  8)

Regards,
Shantanu
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: hutch-- on May 28, 2012, 07:40:16 PM
Hi Shantanu, welcome back.  :t
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: CodeDog on September 14, 2012, 06:30:36 AM
Avira will detect anything as a virus or trojan. It's obsessed with false warnings. I now use MSE and I've not come across a single false detection yet in a year of usage. Not a single one, ever, not even in my assembly folder. (It could mean the damn AV is not working at all, who knows) lol..

The reason Avira has the highest detection on the market is because it has the highest false detection on the market as well, if you remove false detections, it will become one of the worst detection AV on the market.
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Gunther on September 16, 2012, 05:26:30 AM
Hi CodeDog,

Avira will detect anything as a virus or trojan. It's obsessed with false warnings. I now use MSE and I've not come across a single false detection yet in a year of usage. Not a single one, ever, not even in my assembly folder. (It could mean the damn AV is not working at all, who knows) lol..

sounds good. It seems that MSE is an alternative. I'll give it a try.

Gunther
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: MIH1406 on October 02, 2012, 11:49:15 AM
Avast: warned me and stopped the execution for 15 seconds then I could continue what I started without any issues after the completion of the installation.
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Hackeronte on November 28, 2012, 05:28:39 AM

Downloading masm32v11r.zip from http://website.assemblercode.com/masm32/masm32v11r.zip
And avast! ( ver. 4.8 ) on W2k sp4++ says that:
C:\Documents and Settings\Administrator\Desktop\install.exe\[Embedded_I#004c50]\examples\Bill_Cravener\tabs\tabs.obj
&
C:\Documents and Settings\Administrator\Desktop\install.exe\[Embedded_I#004c50]\examples\Bill_Cravener\tabs\tabs.exe
are infected (Win32:Dorkbot-CJ [Trj])
downloading TrayMenü from Marwins Software: Win32ASM (http://www.codingcrew.de/marty/win32asm.php)
avast! (ver. 4.8 ) on W2k sp4++ says that: TrayMenü\TrayMenü.exe is infected (Win32:Malware-gen)
I'd like to ask if I can safely report them as FALSE POSITIVE ???


Thanks in advance & regards
                                                 hackeronte de' bugger
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: K_F on December 05, 2012, 06:55:31 AM
Why not download V11 from the masm32 (this) website, and see if there is a difference.
 ;)
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: dedndave on December 05, 2012, 07:25:09 AM
Van - that link is one of the download links from this site
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Vortex on December 05, 2012, 07:33:24 AM
Hi Hackeronte,

About the Masm32 package : it's safe if you download it from the official links. Some AV softwares will report false-positives and you can ignore them. If you are unsure, you can always check Jotti's malware scan :

http://virusscan.jotti.org/en

Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: K_F on December 05, 2012, 04:35:54 PM
Van - that link is one of the download links from this site
Ohhhh!!..  whoops  :bgrin:
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Cokaric on April 09, 2013, 09:16:12 PM
BitDefender, picture attached...

I am on local library computer and I can't access C:\ path nor disable the AV. Is it possible to make it portable and install it on USB drive?
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: dedndave on April 09, 2013, 09:24:28 PM
i don't see why you couldn't
the masm32\bin folder does not have to be in the PATH

what is important is that the project you are trying to build is on the same drive as the masm32 folder
...and that the masm32 folder is in the root of that drive
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: jj2007 on April 09, 2013, 09:28:16 PM
Dave,
There is somewhere a warning that you can't install Masm32 on a network drive. I've never tried, though.

Other option, from a DOS prompt:

subst D: F:\MyUsbFolder

Then save the installer to D:\ and go ahead....
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: dedndave on April 09, 2013, 09:31:59 PM
i suppose if the project is on the same (network) drive, it may work
i think the message is, you can't install masm32 on a network drive and build on a local drive

but, a USB flash drive is not the same as a network drive   :P
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Cokaric on April 09, 2013, 09:43:35 PM
damn guys, I have never been on such a board when I post something and not one but two ppl answer in like 10 minutes... seems like I will stick to this board :)

Anyway I succeeded in accessing C:\ drive, access to C:\ drive was also blocked. I copied files extractor created to my USB drive and I will test on other computer compiling my MASM project and report here. Just currently I am running out of time since I spent last hour figuring out how to tamper with library security. Hopefully things I learned today will help me in future or change their minds about leaving stuff unprotected or protected at all since obviously their protection is useless...

I have network drive back home so will test that as well. But I think there should be no problem :)
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Jeff on May 03, 2013, 01:54:10 AM
Symantec Endpoint Protection reports the following:
dlgmake.exe (Backdoor.Graybird) - Forced deletion with restart required
poasm1k.exe (Trojan.Gen.2) - Quarantined
zoomin.exe (Trojan.Startpage.G) - Deleted

I'm attempting to undo with Smc.exe and see if they get re-picked up by the AV scanner after reboot. :(
I'm on my corporate dev machine, so I have very little control over the AV.
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: jj2007 on May 03, 2013, 02:02:53 AM
Some AVs allow you to exclude specific folders and their subfolders from scanning. That is generally the only option which really works for \Masm32... because executables below 100k are suspicious by definition in BloatOS :P
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: dedndave on May 03, 2013, 02:20:13 AM
none of those files are critical to use of the package

restart required on dlgmake ??? - lol

the poasm1k file - i can see why it might have got that one   :P
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Jeff on May 03, 2013, 04:53:07 AM
Symantec Endpoint Protection reports the following:
dlgmake.exe (Backdoor.Graybird) - Forced deletion with restart required
poasm1k.exe (Trojan.Gen.2) - Quarantined
zoomin.exe (Trojan.Startpage.G) - Deleted

I'm attempting to undo with Smc.exe and see if they get re-picked up by the AV scanner after reboot. :(
I'm on my corporate dev machine, so I have very little control over the AV.
After "undoing" the actions listed above with Endpoint Protection, then rebooting, they are still marked and deleted/quarantined...

Good to hear they are not critical.
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Gunther on May 03, 2013, 06:30:47 AM
Jeff,

After "undoing" the actions listed above with Endpoint Protection, then rebooting, they are still marked and deleted/quarantined...

Good to hear they are not critical.

those are so-called false positives. There's no danger in installing the MASM32 package. Trust me.  :icon_cool:

Gunther
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: MichaelW on May 03, 2013, 07:15:32 AM
Back when I was using NAV I have never had it find any problem in the MASM32 package, and the same for the MSE that I am currently using.
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Gunther on May 03, 2013, 07:10:31 PM
Michael,

Back when I was using NAV I have never had it find any problem in the MASM32 package, and the same for the MSE that I am currently using.

I'm unsatisfied with Avira (very annoying). What would you recommend?

Gunther
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: dedndave on May 03, 2013, 10:35:46 PM
it seems that Michael is using MSE

i like AdAware
although, i don't like AV's that scan all the time
i disable it when i am not using it
it requires unchecking 2 items in MsConfig Startup tab and disabling 2 services (reboot)

but, it does a very good job of finding infected files - the best i have found, so far
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: MichaelW on May 04, 2013, 02:04:46 AM
Hi Gunther,

I have been using MSE for about 2 months now.

I have experimented with the configuration somewhat, and have for now settled on a default configuration with a small number of excluded file types (source files and similar, but note that I don’t know if these types of files would be scanned even if they were not excluded).

With real-time protection enabled MSE is frequently active, and monopolizing the CPU, during normal use of my system. This is at times somewhat irritating, but this activity does seem to be triggered by just the sort of things that I would expect, and there is the option of turning real-time protection off when necessary. My P3 system all but stops responding while this is going on, probably indicating that MSE is doing something more or less complex, and I think also that it expects to be running on a processor with multiple (physical) cores. Under these same conditions even my 3GHz P4 Northwood system with HT enabled is very slow to respond. In Task Manager the “engine” MsMpEng.exe typically shows ~20 threads.

Microsoft seems to update the definitions at least once per day. The definition updates are automatic, and AFAICT there is no option to control this.

The quick scan seems to run fairly fast. I recently had to rebuild my P3 system, and part of that involved a full scan of a ~15 year accumulation of files (numbering in the millions). The scan took ~60 hours, with the default 50% CPU usage limit, and my using the system for several hours during the scan. And it found only two potential problems in some KMD kits from years ago, and IIRC one of them was a Microsoft product. One irritation here is that during the scan MSE notifies you that it found one or more problems, but provides no details, and AFAICT the only way to get the details is to let the scan run to completion.

And on both systems, both running Windows XP SP3, minimizing the MSE window will sometimes leave an image of the window on the desktop. I’m not sure what this means, but I’m hoping it means that the developers are concentrating on the primary function of MSE, and ignoring cosmetic details.
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Gunther on May 04, 2013, 04:41:46 AM
Michael, Dave,

thank you for your fast answers. I'll check both ways.

Gunther
Title: False negatives
Post by: jj2007 on September 24, 2013, 07:55:16 AM
With real-time protection enabled MSE is frequently active, and monopolizing the CPU

I have it disabled most of the time, for that reason. But even enabled it doesn't find anything suspicious in this snippet, which is actually surprising. Only VBA32 complains...

include ... you know what ;-)
.code
start:
        Let esi=FileRead$(Mirror$("daernu=noitca?php.xedni/draob/moc.23msam//:ptth"))        ; Jotti (http://virusscan.jotti.org/en/scanresult/c60194aeb6266a8e6d5e69b9838d203e97850528) 1/22 (VBA32)
  invoke ExitProcess, 0
end start

Actually, I can launch it from C:\ (yes, the root), read a file and launch it - and not the faintest sign of "realtime protection" ::)
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Magnum on September 24, 2013, 01:11:46 PM
Symantec Endpoint Protection reports the following:
dlgmake.exe (Backdoor.Graybird) - Forced deletion with restart required
poasm1k.exe (Trojan.Gen.2) - Quarantined
zoomin.exe (Trojan.Startpage.G) - Deleted

I'm attempting to undo with Smc.exe and see if they get re-picked up by the AV scanner after reboot. :(
I'm on my corporate dev machine, so I have very little control over the AV.

I found Kaspersky to be among the better at not identifying a lot of false positives as well as having a great rescue CD program.

Andy
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Gunther on September 24, 2013, 06:45:44 PM
Andy,

I found Kaspersky to be among the better at not identifying a lot of false positives as well as having a great rescue CD program.

Andy

yes, Kaspersky isn't bad. I've installed it in parallel to Avira.

Gunther
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: dedndave on September 24, 2013, 07:11:49 PM
i haven't had much trouble with AdAware
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: sinsi on September 24, 2013, 07:34:40 PM
yes, Kaspersky isn't bad. I've installed it in parallel to Avira.

Gunther
Don't run two AVs - at least not two with run-time protection. You can have problems with locked files and general slowdowns.
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Magnum on September 24, 2013, 10:56:04 PM
BitDefender, picture attached...

I am on local library computer and I can't access C:\ path nor disable the AV. Is it possible to make it portable and install it on USB drive?

Yes, you can.

It just runs slower.

I used it on a pen drive.

Andy
Title: Re: Have you experienced problems installing masm32 with lousy AV products ?
Post by: Gunther on September 25, 2013, 02:21:19 AM
Hi sinsi,

Don't run two AVs - at least not two with run-time protection. You can have problems with locked files and general slowdowns.

thank you. I've disabled the run-time protection of the Kaspersky program.

Gunther