Solved

Cygwin False Positive

  • October 13, 2015
  • 6 replies
  • 201 views

I attempted to download Cygwin (64-bit version) for my Windows 7 virtual machine, but I'm getting an alert saying it contains the W32.Trojan.Gen threat. I find this highly suspect, as I know Cygwin is a legitimate application; I use it at work all the time, and I know my company is extremely strict about what applications they allow the IT staff to install. Is this truly malware? I really could have used this application tonight, but out of an abundance of caution, I'll wait for your word.

6 replies

Baldrick
  • Gold VIP
  • October 13, 2015
Hi brython
 
Welcome to the Community Forums.
 
You are wise to be cautious...it always pays to be. I have checked out the site that you have provided and as far as the reputation of it goes it seems to be top notch/trustworthy. As a result I can only suggest that this alert re. a W32.Trojan.Gen threat is a rare false positive on WSA's behalf.
 
As such your best approach here will be to Open a Support Ticket to let the Support Team know of the issue and request that they whitelist the file concerned for you so that WSA no longer reports it as a possible threat. To save you time you can provide a link to this thread so as not to have to provide all the information again.
 
Opening the Ticket should also upload logs that the Support Team can use to find the precise file concerned but if they need more data then they will contact you via the ticket and provide a detailed request as to what you need to do.
 
I hope that the above is of assistance?
 
Regards, Baldrick

DanP
  • OpenText Employee
  • Answer
  • October 13, 2015
@ wrote:
I attempted to download Cygwin (64-bit version) for my Windows 7 virtual machine, but I'm getting an alert saying it contains the W32.Trojan.Gen threat. I find this highly suspect, as I know Cygwin is a legitimate application; I use it at work all the time, and I know my company is extremely strict about what applications they allow the IT staff to install. Is this truly malware? I really could have used this application tonight, but out of an abundance of caution, I'll wait for your word.
@,
 
I was able to identify and correct a False Positive associated with the Cygwin installer. It is safe to restore that file from Quarantine if you have not already done so.
 
Thanks,
 
-Dan

Baldrick
  • Gold VIP
  • October 13, 2015
Hi Dan
 
Many thanks for the confirmation of the FP...always good to get the Professionals' position on this sort of thing.
 
Regards, Baldrick

DanP
  • OpenText Employee
  • October 13, 2015
@ wrote:
Hi Dan
 
Many thanks for the confirmation of the FP...always good to get the Professionals' position on this sort of thing.
 
Regards, Baldrick
I keep an eye out for these kinds of things. It is always best to submit a support ticket if you suspect a False Positive.
 
Whenever I see a report of a FP on any of the other forums I participate in I always suggest they contact the vendor that detected the file. 
 
-Dan

Baldrick
  • Gold VIP
  • October 13, 2015
Thanks, Dan
 
That is good to know...I will certainly keep that nugget of information in mind for the future.
 
Regards, Baldrick

  • Author
  • Fresh Face
  • October 15, 2015
Thanks, @ and @! I really appreciate the help and will keep your suggestions in mind next time I run across something.