Tell (posted October 29, 2020):
So, the latest release of CloudDrive.UI.exe is being detected by multiple AV engines as various forms of malware or potentially unwanted application. Anybody else seeing this?
Have a look at the VirusTotal report of CloudDrive.UI.exe. I was alerted by Windows Defender.
I’d welcome other members of the community to submit their own CloudDrive.UI.exe to VirusTotal to see if I’m the only one getting this.

Viktor (posted October 29, 2020):
I had a similar issue a few months ago, when BitDefender quarantined the service executable (CloudDrive.Service.exe) and stopped CloudDrive completely. I opened a StableBit support request and was told that such AV detections of their (obfuscated) binaries are not uncommon. However, I got it quickly fixed by reporting the file as a false positive to BitDefender. It took only a few hours to get a new signature update, which recognized the CloudDrive binary as clean. What also helps is to put the CloudDrive files (or the entire program folder) on the exception list of your AV engine. (Btw, the UI file of my CloudDrive version (1.2.0.1316 BETA) is detected by 3 engines.)

Tell (posted October 30, 2020):
One more engine on VirusTotal is now detecting this as malware, bringing the total to 9 engines. I’ll reach out to CoveCube to bring this to their attention (or do we have @Christopher (Drashna) here now?)

fly (posted October 30, 2020):
I'm also seeing this error from Windows Defender. My CloudDrive was recently updated. Can we confirm that no malware got into this?

srcrist (posted October 30, 2020):
You'd have to ask via the contact form to get some sort of confirmation: https://stablebit.com/Contact
Though this is almost certainly just a false positive. They're not uncommon. I only see two detections on my version, in any case (https://www.virustotal.com/gui/file/1c12d59c11f5d362ed34d16a170646b1a5315d431634235da0a32befa5c5ec5c/detection). So Tell's rising number of detections may be indicative of another (scarier) problem. Or just overzealous engines throwing alarms about kernel-mode software.

Tell (posted October 30, 2020):
I just submitted a support request using the link you provided @srcrist, thanks. I can see that my version of the file is signed by the developers, so it seems highly likely that it’s a false positive, but it’s very worrying that you’re all getting different results with your versions of what should be the same file.
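
Added example, not part of any post in this thread and not StableBit's own tooling: a PowerShell check that lists each CloudDrive executable's file version, SHA-256 and Authenticode signature status, so that members can confirm they are comparing the same build before comparing VirusTotal results. The install path is a placeholder assumption; set it to your own.

```powershell
# Added example. $InstallDir is a placeholder, not a path taken from the thread.
$InstallDir = 'C:\Path\To\CloudDrive'

$files = Get-ChildItem -LiteralPath $InstallDir -Filter 'CloudDrive*.exe' -File

$report = foreach ($f in $files) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $f.FullName
    $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256
    $cert = $sig.SignerCertificate

    [pscustomobject]@{
        File        = $f.Name
        FileVersion = $f.VersionInfo.FileVersion
        # Lower-case hex, the form VirusTotal shows in its file URLs
        SHA256      = $hash.Hash.ToLower()
        # Valid, NotSigned, HashMismatch, NotTrusted, ...
        SigStatus   = $sig.Status
        Signer      = if ($cert) { $cert.Subject } else { $null }
        Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
        # True when the signature carries a trusted timestamp
        Timestamped = [bool]$sig.TimeStamperCertificate
    }
}

# Anything other than Valid deserves a closer look before trusting the file
foreach ($row in $report) {
    if ($row.SigStatus -ne 'Valid') {
        Write-Warning ("{0}: signature status is {1}" -f $row.File, $row.SigStatus)
    }
}

# Two installs with the same FileVersion should show the same SHA256 and
# the same signer thumbprint; different versions will differ by design.
$report | Sort-Object File | Format-List
```

A `Valid` status means the file is unchanged since it was signed by the listed signer; it does not by itself explain differing detection counts between versions.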

srcrist (posted October 30, 2020):
Yeah, I mean, I still wouldn't worry too much until you talk with Christopher and Alex via the contact form. The truth is that CloudDrive would be relatively scary looking software for an engine that is looking for spoopy behavior and isn't familiar with its specific signature. It has kernel-mode components, interacts with services, hooks network adapters, accesses the cpu clock, and does things to Windows' I/O subsystem based on network input. Take a second and think about how that must look to an algorithm looking for things that are harming your PC via the internet. By all means, exercise some level of caution until you get some confirmation from Covecube, but I wouldn't be terribly concerned just yet. CloudDrive just looks shady to any engine that doesn't know what it's actually doing--and there aren't many tools that do what it does.

Tetradi (posted October 30, 2020):
My CloudDrive.UI.exe file got its first flag and was autoremoved a few days ago. I had to repair the install and it continues to get flagged.

Tell (posted October 30, 2020):
@Tetradi Your file is triggering with the same pattern as mine ("PUA:Win32/Puasson.A!ml"). Let's hope CoveCube can sort this out soon. Paging @Christopher (Drashna) and @Alex :-)

fly (posted October 30, 2020):
Just an update, I got a response from @Christopher (Drashna). According to him, this is a false positive. I sincerely hope that is the case, and if so, how do we get it cleared on all these sites?