Comments (36)
Ok, I had another go and instead of using a .bat file and bat2exe converter, I directly wrote it in c, hoping this would raise less suspicion on malware scanners:
There are still 11 scanners (out of 68) that flag it as malicious. But I guess that is how it is on Windows. Can you check if it is OK now for you to use?
This is the source code:
#include <stdio.h>
#include <stdlib.h>
#include <direct.h>
#include <string.h>
#include <windows.h>
#include <libgen.h>
int main(int argc, char *argv[])
{
char exec_path[FILENAME_MAX];
GetModuleFileName(NULL, exec_path, FILENAME_MAX);
strcpy(exec_path, "\"");
strcat(exec_path, dirname(exec_path));
strcat(exec_path, "\\pd-netpd\\bin\\pd.exe\" -open pd-netpd\\netpd\\main.pd");
printf("%s\n", exec_path);
WinExec(exec_path, SW_HIDE);
return 0;
}
from netpd.
Sorry, forgot to post the link to the bundle using this: https://www.netpd.org/software/netpd-current-windows.zip
from netpd.
Thanks for the pointer. I remove the the windows bundle for the time being until this is resolved.
from netpd.
It seems that the nature of netpd.exe being a batch file converted to an exe file makes it suspicious for some scanners, especially those using heuristics to apply a score. I don't know how these kinds of converters work exactly, but they probably need to perform operations that look suspicious like temporarily extracting files to %AppData%.
I gave it another shot with "Bat To Exe Converter" the result still triggers warning, but at least not that many anymore: https://www.virustotal.com/gui/file/ce04fa7c14c512d428e95db4a6661bf23cbec5322df3d18d8e18b20aed7b0fec/detection
I think that is the best I can come up with at the moment.
Find an updated windows bundle here: https://www.netpd.org/software/netpd-2.3.0-windows.zip
from netpd.
The new bundle does not triggers any warning from Windows Security, thanks ! edit
from netpd.
Glad to hear. Thanks for reporting back.
from netpd.
Well I'm taking it back, dammidt
from netpd.
I think I will just launch main.pd with puredata then lol
from netpd.
OK. Thanks.. What's WD, btw?
from netpd.
Windows Defender, but I meant Windows Security*
from netpd.
That's troubling. I have WIndows Security enabled and still it doesn't complain... Windows 10 Version 20H2. I wonder why that is.
from netpd.
Maybe my settings are more stricter, idk.
Do you bundle and test on the same machine ?
from netpd.
Yes, I do.. maybe i should test on a different machine. However, I don't have access to any other machine.
from netpd.
What are the steps for building the exe ?
from netpd.
Basically it's just a file "netpd.bat" with this content:
start "netpd" pd-netpd\bin\pd.exe -open pd-netpd\netpd\main.pd
converted to netpd.exe with the software "Bat to Exe Converter v3.2". This tools allows to embed a custom icon when creating an exe file.
The goal is to have a clickable file that starts Pd and loads main.pd. The netpd.bat instead of netpd.exe would do as well, but is ugly. If there are better ways to do that, I'm all ears.
from netpd.
I tested some more and changing settings randomly in "Bat to Exe Converter" creates exe files that are tested with different results on VirusTotal each time (not all settings create a binary that actually works, of course). So, I came up with a binary that is not flagged by Microsoft nor Sophos. Those two vendors are the ones I encounter everyday at work, that's why I picked those.
Interestingly, when using the exact same settings in "Bat to Exe Converter", the resulting binary doesn't have the same checksum as the previous compilation. Also, the builds are flagged slightly differently on VirusTotal. So, partially - at least - it's a gamble.
I think this contains an netpd.exe that is not flagged by Windows Security: https://www.netpd.org/software/netpd-2.3.0-windows.zip
from netpd.
On my side, it still warns me about trojans :/
the resulting binary doesn't have the same checksum as the previous compilation
It's very concerning... Is there a reason you might think would do that ?
I think I cannot find the right "Bat to Exe converter" software you're talking about... Is it https://www.softpedia.com/get/System/File-Management/Batch-To-Exe-Converter.shtml ?
from netpd.
It's very concerning... Is there a reason you might think would do that ?
I'm not sure if it is really that concerning. "Predictable builds" is a science of its own. If the build is tagged with a a build timestamp, the checksum will be different. I don't know if that is the case, though.
I think I cannot find the right "Bat to Exe converter" software you're talking about... Is it https://www.softpedia.com/get/System/File-Management/Batch-To-Exe-Converter.shtml ?
Yeah, that is the one. Also, the version matches: 3.2
Good luck!
from netpd.
Interesting, I didn't record it, but Microsoft Security flagged it as three different threats already.
from netpd.
I'm not sure if it is really that concerning. "Predictable builds" is a science of its own. If the build is tagged with a a build timestamp, the checksum will be different. I don't know if that is the case, though.
Yeah this might be it ! A simple check with a hex editor might confirm that I think...
Interesting, I didn't record it, but Microsoft Security flagged it as three different threats already.
Better to catch too much than too little, like they say
from netpd.
Yeah, that is the one. Also, the version matches: 3.2
I'm gonna try it then !
[EDIT] Neverming, I'm not gonna dive into it right now :/
from netpd.
Now, I finally can reproduce the problem on my Windows 10 VM (with "Sophos Endpoint Security and Control" installed). I will investigate further.
from netpd.
I assume thumbs-up and heart emoji mean that things are good now. I close this issue. Feel free to respond if you do not agree.
from netpd.
I didn't tested it yet sorry, the thumbs up was for acknowledging the message but I wanted to test it before sending a comment.
from netpd.
Sure. No problem. Sorry for the misunderstanding. I keep it open until it being fixed is confirmed
.
from netpd.
from netpd.
Thankx for the Uwamson x)
from netpd.
I'm wondering if it is not possible to just use the raw powershell bat script to run netpd, or maybe use a sort of windows shortcut file... It may be simpler.
from netpd.
Just tested it rn ![image](https://user-images.githubusercontent.com/32589981/152050002-fdee9579-8276-43c7-85c4-e8a1b389771
May I ask what virus scanner flags it as a virus?
from netpd.
I'm wondering if it is not possible to just use the raw powershell script to run netpd, or maybe use a sort of windows shortcut file... It may be simpler.
I not accustomed to powershell, but yes, might be simpler. Can it have a custom icon? Can it be started by double-clicking it and can the terminal window be hidden?
from netpd.
May I ask what virus scanner flags it as a virus?
Windows Defender.
I not accustomed to powershell, but yes, might be simpler. Can it have a custom icon? Can it be started by double-clicking it and can the terminal window be hidden?
Sorry, I wanted to say "bat" file, not powershell. I don't know for the custom icon nor the terminal, for the double click it seems that it is not enabled by default - source
Can you tell me with what you used to built the c++ prorgram please ?
from netpd.
Can you tell me with what you used to built the c++ prorgram please ?
With gcc. I got it by installing MSYS and MINGW. Then I ran in a MSYS terminal:
gcc netpd.c -o netpd
BTW: it's plain C, not C++
from netpd.
Hi, I was also using bat to exe converter for a special pd distribution with my students, I remember having same antivirus issues before. I am now using an older bat to exe version and nobody had the problem in the last classroom. I am not sure if it is related, but I got back to the old 2.48 version because I discovered some extra useless commands added in the new one.
from netpd.
@60-hz Thanks for pointer about bat to exe converter version. I'll try that out.
from netpd.
It's such a weird topic. I re-compiled the very small and also quite innocent tool with the same compiler, but on Linux instead of Windows. Also, I added the icon to the binary with resource hacker running under Wine instead of Windows. The resulting binary is flagged now only by two scanners:
That's a strange cat and mouse game.. As you can see, Windows Defender is not amongst the scanners that detect it as malicious.
If you're not tired already, you can test it with package from here:
https://www.netpd.org/software/netpd-2.3.1-windows-2022-02-17.zip
from netpd.
Funny side note: Before adding the icon, 3 flagged it as suspicious. After adding the icon to the binary, only two.
from netpd.
Related Issues (20)
- add latency measurement tool for more precise latency compensation
- update template to reflect all netpd_ abstractions HOT 1
- unpatch: dsp is turned off and on many times when an instrument is loaded HOT 1
- chat: make it side-effect free
- chat: typing messages with double-quotes messes up chat window HOT 2
- restoring saved state fails when not having the instruments
- unpatch: ask for permission before downloading instruments
- text entry in chat and unpatch may cause unwanted repeats HOT 1
- unpatch: notification about newer remote version is broken HOT 1
- unpatch: patches are modified during transmission HOT 2
- chat: spaces in printed messages are escaped with backslashes
- netpd_text: add missing methods HOT 1
- how to ensure consistency HOT 1
- unpatch: slow loading of remote sessions HOT 2
- loading instruments or effects cause long during redraw of data structures HOT 2
- Warn when connection to server is terminated without user interaction
- read netpd-preferences from user's home directory
- Windows and macOS builds turn DSP off sometimes HOT 4
- broken links in README.md HOT 1
- unpatch: error on loading instrument when started in offline mode HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from netpd.