How come PSoC Programmer 3.27.3 does not pass Virustotal check ?

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
seorc_2091016
Level 1
Level 1

Scan result are mostly OK  only 3 out of 57 virus engines search but failed 3 scanners, and I hope is false positive

https://www.virustotal.com/#/file/544380f8a0223943a96ed1a994c5b7b88da7a75546e6a922432ecafbc3c5824e/d...

File in question:   PSoCProgrammerSetup_3.27.3_b3144.exe

Scan yield 2 failures :

1) Cylance :                     unsafe    

2) NANO-Antivirus          Riskware.Win32.Adw.dznqkq

3)  VBA32 :                     BScope.Trojan.Scar   Ad-Aware

Second issue :

http://www.cypress.com/documentation/software-and-drivers/psoc-programmer-3245

How come site is not HTTPS secured

Certificate show unsecured connection

Capture2.JPG

0 Likes
3 Replies
JamesT_21
Moderator
Moderator
Moderator
10 solutions authored 5 solutions authored First solution authored

Just so you know, we're checking relative to the virus report. I am 99.99% positive this is a false positive, but I have asked the engineering team to double check the .exe file.

I'm the technical marketing manager for PSoC Programmer, so the query made it pretty quickly to the right place.

I can't speak to why cypress.com is not https.

Jim

0 Likes

Thanks for the fast response .

I do appreciate it.

Sincerely Sean

0 Likes

Sean,

An update regarding the virus report. Engineering has investigated. It's impossible to prove something ISN'T there, but we remain quite sure it is a false positive. We have contacted the makers of the virus checking software to see if we can learn something about what pattern they are responding to, and perhaps add another 9 to the level of certainty. There may never be a definitive answer.

One of the engineers pointed me to an interesting (?) article on false positives in HelloWorld.

Here's why the scanners on VirusTotal flagged Hello World as harmful | CSO Online

One of them is Cylance, which you reported here. I have a suspicion that the underlying machine learning has identified "things that work at low level" as potential problems. And there is no doubt that PSoC Programmer is designed to modify a system at its most basic, by overwriting flash. So the engine behind Cylance (and likely the others) is seeing what it considers suspicious behavior, and defaults to "this may not be safe."

Anyway, we are still investigating, because we take this seriously. Thanks again for the report.

Jim