Neo23x0/Loki

Loki.exe detected as malware

janstarke opened this issue · 7 comments

A customer of ours observed that their malware scanner detects loki.exe and lokiupgrade.exe as being malware:

Knowing this, it seems to be hard to use Loki in a situation where you assume a compromised system. Can you please take a look at what's going wrong?

I don't understand the question.

The question is: Why do some malware scanners think that loki.exe and lokiupgrade.exe are malware? Are they right?

If they were right and I were in fact a malware author, would you expect a sincere and honest answer?

I suspected an answer like, e.g.

  • loki contains signatures of malware, which could lead to the misinterpretation that loki was malware
  • loki has < this special behaviour > which could be misinterpreted as malware behavior when run in a sandbox
  • some AV vendors don't like loki, so they flag it as malware

I also thought that you had already come across this problem and done some investigation. If someone had a problem with a security incident and had the idea to use loki, she would immediately stop using loki if the malware scanner reported loki as malware. My customer asked me if it is safe to use loki, even if their malware scanner complained about those files. What should I say? I will not suggest ignoring AV alerts.

As this might not be a bug of loki in the traditional sense, the categorization of loki as malware leads to the situation where people do not use loki. Which I think was not what we intended. Right?

It's caused by bad signatures used by the antivirus engines. I can't change their signatures.

Maybe it's time to use a professional tool for this type of engagement with customers?

This issue is already documented:

https://github.com/Neo23x0/Loki#antivirus---false-positives

Kind regards,