CloudDrive.UI.exe detected as malware by multiple antivirus engines


Tell

Question

So, the latest release of CloudDrive.UI.exe is being detected by multiple AV engines as various forms of malware or potentially unwanted application. Anybody else seeing this?

Have a look at the VirusTotal report of CloudDrive.UI.exe. I was alerted by Windows Defender.

I’d welcome other members of the community to submit their own CloudDrive.UI.exe to VirusTotal to see if I’m the only one getting this.


9 answers to this question

Recommended Posts


I had a similar issue a few months ago, when BitDefender quarantined the service executable (CloudDrive.Service.exe) and stopped CloudDrive completely. I opened a StableBit support request and was told that such AV detections of their (obfuscated) binaries are not uncommon.

However, I got it quickly fixed by reporting the file as a false positive to BitDefender. It took only a few hours to get a new signature update, which recognized the CloudDrive binary as clean.

What also helps is to add the CloudDrive files (or the entire program folder) to the exception list of your AV engine.

(Btw, the UI file of my CloudDrive version (1.2.0.1316 BETA) is detected by 3 engines).


You'd have to ask via the contact form to get some sort of confirmation: https://stablebit.com/Contact

Though this is almost certainly just a false positive. They're not uncommon.

I only see two detections on my version, in any case (https://www.virustotal.com/gui/file/1c12d59c11f5d362ed34d16a170646b1a5315d431634235da0a32befa5c5ec5c/detection).

So Tell's rising number of detections may be indicative of another (scarier) problem. Or just overzealous engines throwing alarms about kernel-mode software.


I just submitted a support request using the link you provided @srcrist, thanks.

I can see that my version of the file is signed by the developers, so it seems highly likely that it’s a false positive, but it’s very worrying that you’re all getting different results with your versions of what should be the same file.
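The two checks the posters above are doing by hand (looking up the file on VirusTotal, and confirming that the binary is signed by the developers) plus the AV exclusion suggested earlier in the thread can be done in one PowerShell session. The script below is an added example for this page; it is not code from the thread or from StableBit/Covecube. It assumes the default install path and that the signer's subject contains "Covecube" (both are assumptions, so check them against a known-good install), and it queries Windows Defender because that is the engine the original poster was alerted by. Note that every release is a different file with a different SHA-256, so members running different builds will land on different VirusTotal reports; only the same hash can be compared against the same report.

```powershell
# Added example (not from the forum thread or the vendor): triage a CloudDrive
# binary that an AV engine has flagged as a possible false positive.
# Run from an elevated PowerShell on the affected machine.
param(
    # Assumed default install path; adjust if your install differs.
    [string]$Path = 'C:\Program Files\StableBit\CloudDrive\CloudDrive.UI.exe',
    # Only pass this after the vendor has confirmed the detection is a false positive.
    [switch]$AddDefenderExclusion
)

if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

# 1. SHA-256 is what VirusTotal keys its reports on. Searching by hash lets you
#    read the existing report without uploading the binary.
$sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
Write-Host "SHA-256 : $sha256"
Write-Host "Report  : https://www.virustotal.com/gui/file/$sha256/detection"

# 2. Authenticode signature. 'Valid' means the embedded signature chains to a
#    trusted root AND the file bytes are unchanged since signing. 'NotSigned' or
#    'HashMismatch' on a file the vendor ships signed is a real warning sign.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
Write-Host ("Signature : {0} ({1})" -f $sig.Status, $sig.StatusMessage)
if ($sig.SignerCertificate) {
    Write-Host "Signer    : $($sig.SignerCertificate.Subject)"
    Write-Host "Thumbprint: $($sig.SignerCertificate.Thumbprint)"
    Write-Host "Expires   : $($sig.SignerCertificate.NotAfter)"
}

# Assumed publisher string for this example; compare against what a known-good
# install shows rather than trusting this literal.
$expectedPublisher = 'Covecube'
$signedByVendor = ($sig.Status -eq 'Valid') -and
                  ($sig.SignerCertificate.Subject -like "*$expectedPublisher*")

# 3. What Defender itself recorded about this file (Defender PowerShell module).
try {
    $hits = Get-MpThreatDetection | Where-Object { $_.Resources -like "*$Path*" }
    foreach ($h in $hits) {
        Write-Host ("Defender detection: ThreatID {0} at {1}" -f $h.ThreatID, $h.InitialDetectionTime)
    }
    if (-not $hits) { Write-Host "Defender has no recorded detection for this path." }
} catch {
    Write-Warning "Could not query Defender detections: $_"
}

# 4. Exclusion only when explicitly requested and the signature checks out.
#    Exclude the single file, not the whole program folder, to keep the hole small.
if ($AddDefenderExclusion) {
    if (-not $signedByVendor) {
        throw "Refusing to add exclusion: signature is not Valid or not from '$expectedPublisher'."
    }
    Add-MpPreference -ExclusionPath $Path
    Write-Host "Added Defender exclusion for $Path"
}
```

A valid vendor signature shows the file has not been tampered with since the vendor signed it; it does not by itself prove the program is benign, which is why the script still prints the VirusTotal link and the vendor's confirmation is still worth getting before excluding anything. Excluding a single file rather than the entire program folder limits what a later, genuinely malicious drop into that directory could hide behind.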


Yeah, I mean, I still wouldn't worry too much until you talk with Christopher and Alex via the contact form. The truth is that CloudDrive would be relatively scary looking software for an engine that is looking for spooky behavior and isn't familiar with its specific signature. It has kernel-mode components, interacts with services, hooks network adapters, accesses the CPU clock, and does things to Windows' I/O subsystem based on network input. Take a second and think about how that must look to an algorithm looking for things that are harming your PC via the internet.

By all means, exercise some level of caution until you get some confirmation from Covecube, but I wouldn't be terribly concerned just yet. CloudDrive just looks shady to any engine that doesn't know what it's actually doing, and there aren't many tools that do what it does.
