Post by lexikos » 14 Jun 2018, 19:15
I did. Anyone with a web browser which utilizes Google Safe Browsing (including Chrome and Firefox, at least) is likely to get that. I presume at least one build was affected by a false positive. It is not the first, or even second time, and frankly, I generally can't be bothered to fight against it. It is futile.
Google Search Console currently shows two sample URLs of "Harmful Downloads":
https:// autohotkey.com/download/1.0/AutoHotkey104414_Install.exe
https:// autohotkey.com/download/2.0/AutoHotkey_2.0-a092-840a364.zip
Not only new files cause false positives, but even well established ones: I think v1.0.0.44.14 is now 14 years old. virustotal currently shows 17/66 detections, and first submission in 2008 (which I think shows that the file hasn't changed in at least 10 years, making it likely to be the original file and not recently infected).
Google does not say which engines they use, or why else a download URL would be marked as malicious. I think that the false positives must be resolved with whatever engines they use before the alert can be removed, unless we remove every such file from the site.
I did. Anyone with a web browser which utilizes Google Safe Browsing (including Chrome and Firefox, at least) is likely to get that. I presume at least one build was affected by a false positive. It is not the first, or even second time, and frankly, I generally can't be bothered to fight against it. It is futile.
Google Search Console currently shows two sample URLs of "Harmful Downloads":
https:// autohotkey.com/download/1.0/AutoHotkey104414_Install.exe
https:// autohotkey.com/download/2.0/AutoHotkey_2.0-a092-840a364.zip
Not only new files cause false positives, but even well established ones: I think v1.0.0.44.14 is now 14 years old. virustotal currently shows 17/66 detections, and first submission in 2008 (which I think shows that the file hasn't changed in at least 10 years, making it likely to be the original file and not recently infected).
Google does not say which engines they use, or why else a download URL would be marked as malicious. I think that the false positives must be resolved with whatever engines they use before the alert can be removed, unless we remove every such file from the site.