Notepad++ 7.4 - FP

NeM1 · May 16, 2017, 2:22am

Notepad++ 7.4 is detected as a malware in antivirus events.

Product site: https://notepad-plus-plus.org/download/v7.4.html
Download link: https://notepad-plus-plus.org/repository/7.x/7.4/npp.7.4.Installer.exe
Name of detection: Application.Win32.Firseria.GH@333624848
CIS Database: 27097
CIS version: 10.0.1.6223
Temporary action taken: Added to Exclusions

fatih.orhan · May 16, 2017, 2:24am

Hi NeM, thank you for reporting this case. We’ll analyze and correct fp if necessary. I’ll inform about changes.

umesh · May 16, 2017, 6:13am

Hi NeM,
May you please share snapshot of that event from interface?

Thanks
-umesh

NeM1 · May 16, 2017, 6:37am

See attached screenshot.

umesh · May 16, 2017, 6:51am

Thanks NeM,
Notepad++ is digitally signed and signer is in Trusted Vendor List.

Did you make any changes in default CIS configuration?

Thanks
-umesh

futuretech · May 16, 2017, 1:32pm

The specific file is updater\GUP.exe within the installer. If you extract GUP.exe and scan then it comes up clean so its the way it is stored in the installer that triggers the detection. This was a manual scan of the installer.

NeM1 · May 17, 2017, 9:01am

Ok, thank you :-TU

This a non-issue - as pointed out by Umesh, it turns out Notepad++ was not in my Trusted Vendors list. After adding and re-scanning, the results was clean.

umesh · May 17, 2017, 10:18am

Hi futuretech,
Can you please try to re-scan same setup ensuring you have AV database v27099 or above?

Thanks
-umesh

futuretech · May 17, 2017, 2:40pm

Seems fixed.

umesh · May 17, 2017, 2:45pm

Hi futuretech,
When you observed detection earlier, did you have Notepad++ in trusted vendor list?

Thanks
-umesh

futuretech · May 17, 2017, 3:03pm

Yes it is listed in trusted vendors list.