Windows Defender - finds trojan

Hi, I only just recently removed KAV and am using Windows Defender…
Last week during a scan it picked up a trojan win32/BlockMsav.A!.reg

Affected Items:
regkeyvalue: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{BF1D5A12-329A-4A4C-8DF1-7A7B2ADC0CE4}
regkeyvalue: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{C521C98F-6466-4943-990A-702B8C39D60C}

So I removed it…

Scanned again… all clean.

Today I upgraded to GlassWire 2.0 and the same results were picked up again. (I removed them.)

Then I did a clean install of GlassWire 2, also setting the options to set the firewall to defaults & clean install of GlassWire data (as weird things were happening, stuff not connecting when it should have been).

The clean install seemed to fix most stuff, but once again, why is Defender picking up registry entries after a GlassWire install as a trojan??

@krevvy

We were getting similar reports for GlassWire 1.0 recently. We reported the false positive and we’re also looking to see what we can do on our end to solve it.

Hi, ok thanks!
Will removing these items break anything in GlassWire?

Are these items safe to leave alone or should I be removing them?

Cheers

We have been unable to recreate this, so I’m not sure yet. I’ll try to find out from our team and I’m sorry for the problem.

It’s happening to me as well, but, for me, it started with GW 2.0.

Trojan:Win32/BlockMsav.A!reg

regkeyvalue: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{9039F5E3-5B87-4889-B8D5-E526E55715D6}

It’s probably because I block every one of Microsoft’s effing useless processes and apps that I don’t even use and that keep sending data. Windows 10 is a nightmare.

No big deal. I just disable this garbage Windows Defender.

Windows 10 x64 build 1709

I get the same virus pop up too. And you may have hit the nail on the head - it’s because you block almost everything. I do the same thing and only let essential things out. I think Windows 10 is just calling it a virus because it does not know a firewall was installed and is suddenly blocking all kinds of things that they want to get through.
But Defender removes it so what they are removing I don’t know, then it comes back.

I just downloaded the newest version and got the virus alert again. I can’t see how GW cannot seem to duplicate this.

@JHefile

Sorry, I have opened another ticket for this with our team. Thanks for your patience as we work hard on this major new upgrade.

@JHefile

Please try this update https://www.glasswire.com/download/. We think we solved it.

I changed over to this new version scanned and had the false virus. Okay maybe it was from before. Removed it rebooted and it came back again.
It seems Microsoft doesn’t want you messing with their firewall? I still get it upon a reboot after removing it.

@JHefile

Sorry for the hassle.

Can you try uninstalling GlassWire 2, then going to your Windows Firewall control panel and choose “restore defaults” then reboot, then reinstall GlassWire 2 using the “clean” install option in the installer, along with the option to reset the firewall there?

Now try and let me know your results.

This is not a hassle at all. I want to get this working and it seems to be working fine now.
I went and reset my firewall myself, installed the newest version from your site, when installing clicked the check box for fresh/new install, checked the box to reset the firewall, and upon start up and reboot no false virus was found.

I’ll update if it comes back.

It came back again :(

But to be fair I was blocking the Microsoft Anti-malware trying to talk out. I unblocked it. Let’s see if that makes a difference.

Not sure what to say as I unblocked blocking the antimalware and got it again. Good luck trying to sort this one.

@JHefile

Thanks. We’ll look at other options to solve this besides the changes we already made.

Hi there,

same problem with newest Free Avira 15.0.34.16 on Win 7 Ultimate: Found TR/Crypt.ZPACK.Gen2

Strangely enough Avira on Virustotal doesn’t find that.

Regards,
Ralf

@ralfeberle If you update your definitions with Avira, does it solve it?

Hi Ken,

With the newest update, at this moment Glasswire.exe is now clean. But the same is still found in Uninstall.exe. It was also so yesterday. Sorry, I forgot to mention that.

Regards,
Ralf

@ralfeberle

Please report it to them as a false positive and we will do the same: https://analysis.avira.com/en/submit

Thank you for letting us know.
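
For anyone who wants to see what a flagged `FirewallRules` value actually contains before removing it (the question raised earlier in this thread), the following is an added example, not code from any poster or from GlassWire. It decodes the pipe-delimited rule string that Windows stores under that key; the sample string, the Defender path inside it and the function names are constructed for illustration.

```python
import sys

# Constructed sample of a FirewallRules value (not taken from the thread).
SAMPLE = ("v2.10|Action=Block|Active=TRUE|Dir=Out|"
          r"App=C:\Program Files\Windows Defender\MsMpEng.exe|"
          "Name=Constructed sample rule|")

RULES_KEY = (r"SYSTEM\CurrentControlSet\Services\SharedAccess"
             r"\Parameters\FirewallPolicy\FirewallRules")


def parse_rule(data):
    """Split a pipe-delimited rule string into (version, {field: [values]})."""
    parts = [p for p in data.split("|") if p]
    if not parts:
        raise ValueError("empty rule string")
    version, fields = parts[0], {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        fields.setdefault(key, []).append(value)  # some fields can repeat
    return version, fields


def summarize(data):
    """One-line description of what the rule does."""
    _, fields = parse_rule(data)

    def first(name):
        return fields.get(name, ["?"])[0]

    state = "enabled" if first("Active").upper() == "TRUE" else "disabled"
    return (f"{first('Action')} {first('Dir')} ({state}) "
            f"app={first('App')} name={first('Name')}")


def read_rule(value_name):
    """Read one rule by value name from the live registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RULES_KEY) as key:
        value, _type = winreg.QueryValueEx(key, value_name)
    return value


if __name__ == "__main__":
    # Pass the value name Defender reported ("{...}"); no argument uses SAMPLE.
    data = read_rule(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    print(summarize(data))
```

Run it on Windows with the `{...}` value name from the Defender alert as the only argument to print the rule's action, direction, program path and name.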