GlassWire and Trojan:Win32/Fuerboos.Clcl false positive (solved)


#1

I noticed our GWUnlock.exe that prompts you to allow/deny changes to GlassWire’s settings is causing a false positive with Windows Defender and the new Windows 10 October 2018 Update. It falsely says one of the parts of GlassWire has the Fuerboos Windows Trojan.

Please note I’m using an unreleased version of GlassWire, so it’s possible this false positive may not happen with our current public version. Also please note this false positive can’t hurt anything on your PC.

This false positive appears if you try to unlock any of GlassWire’s locked settings.

If you already experienced this issue and already quarantined our GWUnlock.exe you can bring it back by going to the bottom right of your PC and clicking the Windows Security Icon.

Next go to “Virus and Threat Protection” then choose “Threat History” then you can “Allow” the threat and you’ll then be able to allow/deny settings changes again within GlassWire. We are going to make a change on our next update to solve this false positive in the future, plus I will submit the false positive to Microsoft now.

Update: Please see below that you must update your definitions and this false positive will go away.


#2

The false positive is now submitted to Microsoft.


#3

Microsoft has now updated their definitions to solve the issue. They said:

“Thank you for your inquiry. We have reviewed the file and we have removed the detection. Please try the following steps to clear cached detections and obtain the latest malware definitions. 1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender 2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures” The latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions Best regards, Windows Defender Response”