Ok, it sounds like compressing with upx isn't really a solution...

(In reply to Steven Singer from comment #20)
> ...
> Looking at the behaviour in the antivirus sandbox (https://www.virustotal.com/gui/file/c3ad4ed82927cd7af7acf420d1c1abce85c556162d6ea30a3851c0c7f2054538/behavior) shows enough suspicious behaviour (system registry keys written, system registry keys deleted, windows services terminated) that I am not prepared to run the executable (a Windows expert may be able to say these are all harmless, but they're not _obviously_ clean).

That is indeed the file (the byte size matches what was produced by CI: https://ci.appveyor.com/project/wlach/mozregression/branch/master)

I suspect those are just default registry keys that any application would set when an executable is run, though I don't blame you for being suspicious!

> In contrast 0.9.46 triggers just three obscure AV engines at low confidence, https://www.virustotal.com/gui/file/48682733dd4aaca242165e520ce7ba67ca9743fa07274ab49046c5406764f805/detection, and shows much more innocuous sandbox behaviour.

0.9.46 was built using cxFreeze (https://cx-freeze.readthedocs.io/en/latest/) which is more obscure (and thus probably less virus/trojans created with it)

Talking with :glob, it sounds like what we might want to try is submit the .exe file to malware vendors to let them know it's harmless (signing, which I thought was *the* solution before might help with some, but not others).
Bug 1647533 Comment 21 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Ok, it sounds like compressing with upx isn't really a solution...

(In reply to Steven Singer from comment #20)
> ...
> Looking at the behaviour in the antivirus sandbox (https://www.virustotal.com/gui/file/c3ad4ed82927cd7af7acf420d1c1abce85c556162d6ea30a3851c0c7f2054538/behavior) shows enough suspicious behaviour (system registry keys written, system registry keys deleted, windows services terminated) that I am not prepared to run the executable (a Windows expert may be able to say these are all harmless, but they're not _obviously_ clean).

That is indeed the file (the byte size matches what was produced by CI: https://ci.appveyor.com/project/wlach/mozregression/branch/master)

I suspect those are just default registry keys that would be set incidentally when an executable is run, though I don't blame you for being suspicious!

> In contrast 0.9.46 triggers just three obscure AV engines at low confidence, https://www.virustotal.com/gui/file/48682733dd4aaca242165e520ce7ba67ca9743fa07274ab49046c5406764f805/detection, and shows much more innocuous sandbox behaviour.

0.9.46 was built using cxFreeze (https://cx-freeze.readthedocs.io/en/latest/) which is more obscure (and thus probably less virus/trojans created with it)

Talking with :glob, it sounds like what we might want to try is submit the .exe file to malware vendors to let them know it's harmless (signing, which I thought was *the* solution before might help with some, but not others).