💥 New Security Certificate. Need some help 💥

[Yincognito]

Strange, I just manually scanned it with Defender, and it came up clean.

2024-02-21_140644.png

Maybe because of VirusTotal results (obviously, only no-name vendors flag the products, which tells you everything about that "detection"):

screencapture-virustotal-gui-file-77a917642cef38da8a272e177692c2c1690e9a81dcaf16b542586ccca03dac57-2024-02-21-21_09_17.jpg

If you go to behavior it will become obvious that it's a false positive for those vendors.

[Brian]

Here is what Windows Defender says one of my machines (Windows 10):

WindowsDefender.png

-Brian

[balala]

Not sure this is meaningful, however here is what I get when trying to download the file, using Edge (yep, this is the browser I'm using usually):

• I click the posted download link. This is what I get:
  1.png
• I'm hovering the mouse over the file and click Keep in the opening menu:
  2.png
• In the next panel, I click "Show more" and finally click "Keep anyway":
  3.png

By this, I get the file downloaded and ready to be used.

No threat at least on my computer. Tried checking the downloaded file with Eset Internet Security, which I'm using. No problems found:

4.png

[jsmorley]

Not sure this is meaningful, however here is what I get when trying to download the file, using Edge (yep, this is the browser I'm using usually):

• I click the posted download link. This is what I get:
  1.png
• I'm hovering the mouse over the file and click Keep in the opening menu:
  2.png
• In the next panel, I click "Show more" and finally click "Keep anyway":
  3.png

By this, I get the file downloaded and ready to be used.

No threat at least on my computer. Tried checking the downloaded file with Eset Internet Security, which I'm using. No problems found:

4.png

That's pretty much exactly what I get balala

[Yincognito]

That's pretty much exactly what I get balala

One other interesting thing... VirusTotal results for Rainmeter 4.5.18.3727:

screencapture-virustotal-gui-file-5ac959e5dee9884512f4a34623bbad2c08be427669015b917a750f7cbfbb0a75-2024-02-21-21_32_15.jpg

Not sure if it's because being the previous version AV vendors had time to flag this as harmless as it should be, or there is some other change compared to the new version from the first post.

[jsmorley]

We are using a different process to "build" the software, due to changes to how we need to get a "certificate" for it.

The .exe is "built" using https://www.appveyor.com/, and then automatically sent to https://about.signpath.io/ to be given the certificate. Then I download it from there for posting as a "release" on GitHub.

So the binary is certainly "different", but AppVeyor is a very respected outfit, running the latest versions of all the tools, and shouldn't be an issue.

[eclectic-tech]

Well...

I was not able to see the file in my Download folder even though I selected the action to allow the threat.

After restarting my PC and and viewing allowed threats, now the threat is allowed:

virusallowed.jpg

I was able to download the file from the posted link again, and this time I was able to "keep" and "Keep anyway" and see the downloaded file.

virusdl.jpg

[Yincognito]

We are using a different process to "build" the software, due to changes to how we need to get a "certificate" for it.

The .exe is "built" using https://www.appveyor.com/, and then automatically sent to https://about.signpath.io/ to be given the certificate. Then I download it from there for posting as a "release" on GitHub.

So the binary is certainly "different", but AppVeyor is a very respected outfit, running the latest versions of all the tools, and shouldn't be an issue.

Yep, that could be one possibility. Some of these AVs rely mainly on signatures, so if they detect something "unusual", that could explain it. Personally, I've used ESET for decades and if it didn't issue any alert like both balala and you confirmed, then I'd be 99.99999% it's safe. My current AV doesn't flag it either. Unfortunately, can't use the "reputation" process you described cause my system is locked up to not communicate with the outside unless I allow it (and that includes most of Microsoft's "non-essential" parts, like SmartScreen, Windows Defender, and so on).

[SilverAzide]

No complaints from Chrome. Edge refuses, even with SmartScreen turned off.

[jsmorley]

No complaints from Chrome. Edge refuses, even with SmartScreen turned off.

In Edge, you should be able to do this:

1.png

2.png

3.png

4.png

5.png