Trojan?

Advanced Renamer forum
#1 : 18/10-20 14:58
Mario Alvarez
Posts: 27
In Advanced Renamer Portable 3.87 Microsoft Defender detects the ARen.exe file as the Rogue:Win32/PrivacyCenter Trojan. Is this an error?


18/10-20 14:58
#2 : 18/10-20 16:54
David Lee
Posts: 542
Reply to #1:

According to Defender on my PC the culprit is actually arenc.exe and downloads are blocked for both the installed and portable 32-bit versions.

Exactly the same issue occurred last year when ver 3.85 was first released so it's probably a false alarm but it wouldn't be a good idea to allow it even if it is safe, since it seems that the only way to do so would be to disable protection against Rogue:Win32/PrivacyCenter completely.

I've sent an email to Kim reporting the issue and hopefully he will respond here. Hopefully he will only need to submit a false positive report to Microsoft to get it resolved in a few days.

The issue is only with the 32-bit software - if you have a 64-bit version of Windows then the 64-bit version of ARen shouldn't cause any trouble.


18/10-20 16:54 - edited 18/10-20 17:00
#3 : 18/10-20 17:06
Blas
Posts: 4
Reply to #2:
I'm having the same issue with v3.87 64-bit.

I was using v3.85. Yesterday it said there's an upgrade and I updated to 3.87. I could open it and rename some files. This morning, a few hours later, Windows Defender blocks it saying "it contains a virus or unwanted software". I have no other antivirus installed.

I went back to v3.86 and everything's working fine.


18/10-20 17:06
#4 : 18/10-20 18:10
Douglas Giltner
Posts: 1
I am having the same problem. Microsoft Defender Antivirus does not allow the program to run because of a discovered threat. I also had to return to version 3.86.


18/10-20 18:10
#5 : 19/10-20 00:58
Sandra
Posts: 1
Also the same problem. Yesterday it worked correctly, now I can't run the program, Windows blocks it. Also I can't even download the portable version - Windows stops downloading it. The older version runs correctly.


19/10-20 00:58
#6 : 19/10-20 10:02
Kim Jensen
Administrator
Posts: 802
This is a false positive. Unfortunately it happens every time I release a new version of Advanced Renamer. And every time I submit a false positive report to Microsoft and they remove the false positive. I wish there were a more permanent fix for this.
Microsoft has responded to my request and has removed the false positive for
32 bit installer
32 bit portable
64 bit installer

I have tested today. I still get a virus warning for 64 bit installer but not for 32 bit installer. I expect the problem to be fixed within 24 hours. Until then I have rolled back to version 3.86.1 as the official Advanced Renamer release.

This is the reply from Microsoft:

Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Thank you for contacting Microsoft.


19/10-20 10:02 - edited 19/10-20 10:37
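
The analyst's steps from the reply above, followed by a rescan of the flagged file to confirm the detection has cleared, as an added PowerShell example that is not part of the original thread. The target path is a placeholder (assumption); run it from an elevated prompt.

```powershell
# Added example, not from the forum thread.
# Refresh Defender definitions, then rescan one file in report-only mode.
param(
    # Placeholder path (assumption): point this at the flagged executable.
    [string]$Target = 'C:\Path\To\ARen.exe'
)

$MpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $MpCmdRun)) { throw "MpCmdRun.exe not found at $MpCmdRun" }
if (-not (Test-Path $Target))   { throw "Target file not found: $Target" }

# Record exactly which file is being checked; useful in a false positive report.
$hash = (Get-FileHash -Path $Target -Algorithm SHA256).Hash
"Target SHA-256: $hash"

$before = (Get-MpComputerStatus).AntivirusSignatureVersion

# Step 2 of the analyst's reply: drop cached dynamic signatures.
& $MpCmdRun -RemoveDefinitions -DynamicSignatures
if ($LASTEXITCODE -ne 0) { throw "RemoveDefinitions failed (exit $LASTEXITCODE)" }

# Step 3 of the analyst's reply: pull the latest definitions.
& $MpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) { throw "SignatureUpdate failed (exit $LASTEXITCODE)" }

$after = (Get-MpComputerStatus).AntivirusSignatureVersion
"Signature version: $before -> $after"

# Custom scan (ScanType 3) of the single file. -DisableRemediation reports
# the verdict without quarantining, so real-time protection stays untouched.
& $MpCmdRun -Scan -ScanType 3 -File $Target -DisableRemediation
switch ($LASTEXITCODE) {
    0       { "No threat reported for $Target with definitions $after" }
    2       { "Still detected with definitions $after; wait for the next update" }
    default { "Scan returned unexpected exit code $LASTEXITCODE" }
}
```

This confirms the result for the one file without adding an exclusion or turning off protection for the detection name.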
#7 : 19/10-20 10:45
Blas
Posts: 4
Reply to #6:
Thank you!


19/10-20 10:45