Win.MxResIcn.Heur.Gen

I run all my downloads through VirusTotal. I just reinstalled Windows and downloaded the latest version to install, and MaxSecure reports that the file contains malware Win.MxResIcn.Heur.Gen. Is this a false positive?

Hi and welcome to the forum. Assuming you got your download from darktable.org, it is likely a false positive. You can run the exe through VirusTotal for a second opinion: VirusTotal

@paperdigits thanks for the reply, yes the download was from darktable.org and the virus report was from VirusTotal where one of the listings is MaxSecure who reports Win.MxResIcn.Heur.Gen as found. I did have VirusTotal run a couple of checks on the file.

If the other checks from VirusTotal come back clean, you likely have a false positive. But only you can make the determination about what is and is not safe to install on your machine.

To get other “opinions” you can submit the file to other sites: https://metadefender.opswat.com and https://virusscan.jotti.org

I just ran darktable 4.8.0 through Jotti and Virus Total and both say malware was found. I downloaded through darktable.org as well. Last night when I went to install, Windows Defender picked this up also. Thank God!
Never had an issue before with darktable files downloaded from darktable.org.
Can darktable please correct this ASAP and issue a new file?

It’s a good idea to post the direct link to the VT analysis, so others can check if they have the same file (i.e., by checking the hashes).
I just downloaded the .exe from darktable (it is the same file as on github btw) and it is this file: VirusTotal

At the moment only 2 engines detect it, which is rather a sign of an FP than actual malware (especially as the two engines name it “AIDetectMalware” and “Suspicious.low.ml.score”), but you never know.

By the way, the old version 4.6.1 is also detected: VirusTotal

What you can do is to send the files to the vendors that detect it and ask for removal from their database…
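The two checks suggested in the post above (confirming by hash that your download is the file a linked report covers, and reading how many engines flag it and with what kind of label), as an added Python example that is not part of the original thread. The function names, the placeholder engine names and the token list used to spot heuristic/ML labels are assumptions made for this example; a generic-only result narrows the question but does not prove the file is clean.

```python
import hashlib
import hmac
import re

# Assumption for this example: these substrings mark a heuristic or ML
# verdict rather than a signature for a named malware family.
GENERIC = re.compile(r"heur|generic|aidetect|\.ml\.|suspicious", re.I)

# Constructed sample: engine names are placeholders, labels are those quoted
# in the thread; None means the engine reported nothing.
SAMPLE_VERDICTS = {
    "EngineA": "AIDetectMalware",
    "EngineB": "Suspicious.low.ml.score",
    "EngineC": None,
    "EngineD": None,
    "EngineE": None,
}

def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so a large installer is never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def same_file(path, reported_sha256):
    """True if the local download is the file a linked report was made for."""
    return hmac.compare_digest(sha256_of(path), reported_sha256.strip().lower())

def summarize(verdicts):
    """Count detections and separate generic labels from family-specific ones."""
    hits = {eng: label for eng, label in verdicts.items() if label}
    generic = sorted(l for l in hits.values() if GENERIC.search(l))
    return {
        "detections": len(hits),
        "engines": len(verdicts),
        "generic_labels": generic,
        "only_generic": bool(hits) and len(generic) == len(hits),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_VERDICTS))
```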

Why are you so sure it’s darktable’s fault? It can still be a false positive, especially when the detection was based on a heuristic analysis.

Right now, all I know is when I try to install, Windows Defender will not let me install. I am downloading from the same site on 2 different computers and having the same issue. If I run this file through Jotti or Virus Total as suggested, I still get that the file has an issue.

If it’s a false positive, so be it, but Windows won’t let me install this on any computer, that’s why I’m wondering if the file itself has an issue.

If 4.8 cannot be installed, 1) Can darktable look into the file to see if there is an issue, 2) I will have to wait for next update and try to install that next update.

Like I said before I have never had an issue with installing any darktable files downloaded from their site and have been using this program for a few years now.

I tried Metadefender and it says they can only scan up to 75MB. 4.8.0 is too large.

Tried Virus Total and Jotti and both show file has a malware issue. Tried this on two different computers as well with the same results.

Windows Defender will not let you install at all.

Right, I understand your point. But the internet is full of threads discussing darktable being recognized as malware. Also here. There are also workarounds suggested to get darktable downloaded or installed. As far as I know, it was never proven that darktable did anything wrong. So, one could say it’s always a false positive and the fault of the malware detection programs. However, you can never exclude that somebody actually manipulated the binary.
In the end it’s your decision whether you want to look for a workaround. Of course, you can also open a bug report for darktable, but my guess is that the developers can’t help.

Yep, I know another open source project whose servers were recently compromised and malware was distributed… So it is indeed possible.

If you are a customer of a certain antivirus, you should be able to report the file. Depending on how good their support is, they will actually respond to such issues, look at the file and even remove the FP. Sometimes it also helps when the developers themselves open an issue…
I looked at the website of “bkav pro” (which seems to be a Vietnamese vendor?) but I cannot find anything to report a presumable FP. I also tried “Trapmine” but their website is not even loading (at least on my device).

There is always a way to install it regardless of what it says :wink:

Tried downloading using MS edge. Defender blocked download! Reason stated, “this is not a commonly downloaded file”.

When did this download come out and perhaps I should wait a bit until more are downloaded? Never saw a message like that before.

Any workarounds to install this?

Seems bizarre, downloaded on several computers, ran through several antivirus and still same result. Malware detected, and Windows Defender will not let me install.

Never had an issue with any darktable files downloaded from their site before.

If you trust the installer, add an exception to Windows Defender. Provide Microsoft and other vendors a link to the package so that they can examine and add it to their whitelists. If you are resourceful, you could sandbox it (from, say, network connections) as a precaution, or install an older version that does not trigger Defender.

Likely a false positive because only two out of many flagged it and it was detected by a generic algorithm meant to preempt potentially nefarious unknown code. Common for open-source software because we rely on volunteers to communicate what this is. The good thing about open-source is that researchers and investigators can check the code, so while malicious code can hide in plain sight or in dependencies, it should be easier to detect.

Anyway, this has affected quite a few apps, including MPC-HC. See response to bug report:

Has anyone run into this? I am trying to install 4.8.0 and my windows 11 defender is blocking. It will not let me install and says the file is a threat to my hard drive. I have never had this happen before with other darktable files being downloaded from the darktable site, and wonder if your file does have a virus.

I am downloading from the darktable site under Windows, file name darktable-4.8.0-win64.exe

Thank you

See Win.MxResIcn.Heur.Gen

I just ran darktable 4.8.0 through Jotti and it also says malware was found. I downloaded through darktable.org as well.

Can darktable please get this corrected and issue a new file ASAP?

Thank you

Or it could be an issue with Jotti itself?