Malware positives with official Darktable v4 win64 executable?

Hey there, there are malware positives when analysing the windows64 executable available on the official Darktable website (install | darktable: darktable-4.0.0-win64.exe).

Following the links for analysis on 2 different platforms:

Any suggestions/news regarding a clean version of the program?

We have multiple layers of security at the university with Trend Micro Alpha One …set to pretty low tolerance levels for anything…

The Win exe is not showing any issues on a scan here…


Yeah, it’s odd. I realise that hybrid-analysis doesn’t necessarily show malware. But the connections to suspicious IP addresses are very odd to me. Why would a photography application try to connect online?

No idea… but the tool you use has some issues maybe as well… in fact it may be that it’s the tool and not the darktable.exe…

I’m aware these things aren’t perfect. But it caught my attention that both services flag something about the .exe. I’ll probably wait for a patch version or so before installing, but I’d be happy if it was all false positives :smiley:

Thank you for sharing the article! It’s very interesting!

Two of them seem to be from Github, and one from Microsoft.

Isn’t the installer grabbing other apps/libraries from Github?


The installer is flagged all the time. We have never had an instance of malware.

Proceed as you wish, but the AV company needs you to keep buying AV software.

Yeah, that would make sense. Although, this page of the hybrid-analysis platform shows the IPs and ports accessed. 3 of those seem to be suspicious and 1 flagged as malicious: Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'https://github.com/darktable-org/darktable/releases/download/release-4.0.0/darktable-4.0.0-win64.exe'

I’m far from being an expert. I just got the habit of verifying executables before installing. In this case, it got flagged and I just wanted to let the devs/community know that that is the case. Be it false positives or actually malicious stuff, I think the team/devs especially should be aware. I don’t assume it is their fault either way.

Maybe try one of the builds posted here and maybe Bills on Windows insider and see if you get the same msgs…just out of curiosity…

I have never had a problem with the official Darktable download site. However, I have heard of issues when people have tried to download via the Microsoft store and they were asked for payment.

Verify the download site is darktable.org. First hit on g is a promoted site with same visual appearance and infected zip file.

That’s not good… seems alright here though:

The install files are not zips on the main site, so one might wonder if the poster’s computer could be compromised and providing altered searches.