Potential trojan? #16

Open
SoftColours opened this issue Dec 3, 2021 · 29 comments

@SoftColours

After downloading and using this to activate MS Office, Windows Defender flagged a threat called "Win32/Uwamson.A!ml". Different Google results indicate that this is either a trojan, ransomware or just a false positive. I was able to quarantine and remove it without any problems, but I thought I'd bring it up here just in case.

@KcrPL

KcrPL commented Dec 3, 2021

False positive. One thing Defender is particularly good at is detecting activators for Micro$oft's own products.

@Francismori7

False positive.

@ChrisChrome

False positive

@greysilly7

False positive

@CitizenDroid

Could really do with some help as Eset security keeps removing the KMS_VL_ALL_AIO even after excluding it. I have installed ok with eset disabled but does anyone know how to set up exclusions in eset properly as I seem to be missing something here! In Quarantine, Restore and exclude from scanning is greyed out for this file and I can't find any info on how to get that working. eset are no help, I'm really starting to dislike eset lately. Also concerned that even though I have excluded SppExtComObjHook.dll that eset will still ignore the exclusion and stop that working. Any help here would be really appreciated. Has anyone else got this file working with eset?

@Francismori7

> Could really do with some help as Eset security keeps removing the KMS_VL_ALL_AIO even after excluding it. I have installed ok with eset disabled but does anyone know how to set up exclusions in eset properly as I seem to be missing something here! In Quarantine, Restore and exclude from scanning is greyed out for this file and I can't find any info on how to get that working. eset are no help, I'm really starting to dislike eset lately. Also concerned that even though I have excluded SppExtComObjHook.dll that eset will still ignore the exclusion and stop that working. Any help here would be really appreciated. Has anyone else got this file working with eset?

ESET Endpoint Security is managed by an ESET Protect server in which you now create the exclusions and they get sent through the agents to your endpoints.

From what I can tell you, SppExtComObjHook.dll is not flagged when it renews the KMS licence periodically, VMs have no issue renewing their licence even without the file excluded, just setting up the auto renewal at the beginning gets flagged

@CitizenDroid

CitizenDroid commented Dec 11, 2021

> > Could really do with some help as Eset security keeps removing the KMS_VL_ALL_AIO even after excluding it. I have installed ok with eset disabled but does anyone know how to set up exclusions in eset properly as I seem to be missing something here! In Quarantine, Restore and exclude from scanning is greyed out for this file and I can't find any info on how to get that working. eset are no help, I'm really starting to dislike eset lately. Also concerned that even though I have excluded SppExtComObjHook.dll that eset will still ignore the exclusion and stop that working. Any help here would be really appreciated. Has anyone else got this file working with eset?
>
> ESET Endpoint Security is managed by an ESET Protect server in which you now create the exclusions and they get sent through the agents to your endpoints.
>
> From what I can tell you, SppExtComObjHook.dll is not flagged when it renews the KMS licence periodically, VMs have no issue renewing their licence even without the file excluded, just setting up the auto renewal at the beginning gets flagged

Thanks for the info well appreciated. at least I don't have to worry about the SppExtComObjHook.dll file which is handy as for the other part I have kept the KMS_VL_ALL_AIO in a zipped file and eset seems to leave that alone so at least I know I just have to disable eset while installing.
Does that mean once it's sent to endpoints eset will eventually stop flagging the file!
again many thanks for your reply.

@Francismori7

> > > Could really do with some help as Eset security keeps removing the KMS_VL_ALL_AIO even after excluding it. I have installed ok with eset disabled but does anyone know how to set up exclusions in eset properly as I seem to be missing something here! In Quarantine, Restore and exclude from scanning is greyed out for this file and I can't find any info on how to get that working. eset are no help, I'm really starting to dislike eset lately. Also concerned that even though I have excluded SppExtComObjHook.dll that eset will still ignore the exclusion and stop that working. Any help here would be really appreciated. Has anyone else got this file working with eset?
> >
> > ESET Endpoint Security is managed by an ESET Protect server in which you now create the exclusions and they get sent through the agents to your endpoints.
> > From what I can tell you, SppExtComObjHook.dll is not flagged when it renews the KMS licence periodically, VMs have no issue renewing their licence even without the file excluded, just setting up the auto renewal at the beginning gets flagged
>
> Thanks for the info well appreciated. at least I don't have to worry about the SppExtComObjHook.dll file which is handy as for the other part I have kept the KMS_VL_ALL_AIO in a zipped file and eset seems to leave that alone so at least I know I just have to disable eset while installing. Does that mean once it's sent to endpoints eset will eventually stop flagging the file! again many thanks for your reply.

Yep! The exclusion gets sent and will apply straight away. I no longer need to disable ESET at all

@CitizenDroid

Thanks so much for clearing that up for me I hope that is the case eventually! but have added KMS_VL_ALL_AIO.cmd and just KMS_VL_ALL_AIO to both Performance and Detection exclusions but it's still quarantining the file when I click on it but as long as it doesn't pick up SppExtComObjHook.dll doing its job I don't mind have added that as well. just have to keep the file zipped and turn off AV before installing but hopefully it kicks in with endpoints and leaves it alone, I've been testing different software so hence my need to silence AV as eset is getting on my last nerve :/ .
cheers for that at least I know what it is supposed to do! :)

@CitizenDroid

CitizenDroid commented Dec 12, 2021

Allow me to rephrase that :) seems to have finally kicked hooray. I just tried again after posting comment lol and eset haven't eaten it wow . did take quite a while though not sure why that was!.
again thanks for your help really appreciated.
Regards

@Macleykun

Issue can be closed
https://www.virustotal.com/gui/file/e4834aaf04092bbd62048c9182a9d92fd527f900c72666d1e9f2dabbc6dddd03
running latest Microsoft Defender on W11 results no false positives :-)

@CitizenDroid

> Issue can be closed https://www.virustotal.com/gui/file/e4834aaf04092bbd62048c9182a9d92fd527f900c72666d1e9f2dabbc6dddd03 running latest Microsoft Defender on W11 results no false positives :-)

It's not that I'm worried about this any more as I have pretty much given up trying as I thought it had stopped!!. but it's still flagging it up looks like exclusions not being accepted for whatever reason no matter how many times I add it. starting to really dislike eset. I have never had problems with eset like this before it has always been easy to control and have used many cracks, trainers and patches with no issues after adding them to list if needed.
would complain to eset but what's the point they would only suck more of my life away with pointless BS emails.
thank you though for trying to help and enlighten me was much appreciated.
Kind regards

@DeathGOD7

> > Issue can be closed https://www.virustotal.com/gui/file/e4834aaf04092bbd62048c9182a9d92fd527f900c72666d1e9f2dabbc6dddd03 running latest Microsoft Defender on W11 results no false positives :-)
>
> It's not that I'm worried about this any more as I have pretty much given up trying as I thought it had stopped!!. but it's still flagging it up looks like exclusions not being accepted for whatever reason no matter how many times I add it. starting to really dislike eset. I have never had problems with eset like this before it has always been easy to control and have used many cracks, trainers and patches with no issues after adding them to list if needed. would complain to eset but what's the point they would only suck more of my life away with pointless BS emails. thank you though for trying to help and enlighten me was much appreciated. Kind regards

Some antivirus really hates the windows activator. That's why I had installed Kaspersky but its license got expired back in 2019 so for now I have added Avast but planning to remove them as well. I always disable windows defender as it's naggy as hell.

I have used that same script in 5 devices including mine (Windows Defender, Avast, Kaspersky) not one single reported as malware nor removed it. Maybe change the antivirus?

@CitizenDroid

CitizenDroid commented Jan 13, 2022

Yer as I said not really worried about it being a malware as such as I know most AVs pick up activators, patches and a lot of game trainers even ones I know are 100% safe, this thread was more about trying to get Eset to stop being a massive pain in the arse and exclude a file when told to but like most software and governments today just seem to want to force their wants on you :/ which Eset now seems to be no exception. it used to be bang on software and never flagged trainers or cracks but now it's just picking up everything maybe they're being paid to embarrass the wants of the copyright brigade, who knows. anyway pretty much given up with asking Eset to exclude it just doesn't want to comply. might think twice about installing Eset again when it acts as stroppy as all the freeware.
thanks for the input :)

@parth-8vgft

@Francismori7 @KcrPL @ChrisChrome @CitizenDroid

First of all, I don't know much about batch file language.

But can you guys tell me the meaning of the code between line number 3979 to 4722 ( stated below )? it looks like some hidden encoded malicious code with some decoded function.

@WindowsAddict

WindowsAddict commented May 18, 2022

From read me,

https://github.com/AveYo/Compressed2TXT

The traditional pack is posted here
https://forums.mydigitallife.net/posts/838808/

@ChaseKnowlden

Windows Defender resulted this activator as a virus.

@radoslew

> Windows Defender resulted this activator as a virus.

It was discussed hundreds of times. Read the discussion!

@CitizenDroid

While once upon a time it was handy using cracks like this it’s not really needed anymore you can obtain a licence via ebay or other sites offering ms office and loads of other useful software at a Rez till of the normal cost just Google it the hard legit licences I paid £12 for office so why take any risk any more. You don’t need to bug a as licence for windows so don’t bdd ed filled use your old windows licence it will activate windows 10 or 11 you can check places like kinguin.net for legit stuff and other sites like it don’t use Etsy they allow cracked bent software and ard a pin to get your money back

@rautamiekka

> While once upon a time it was handy using cracks like this it’s not really needed anymore you can obtain a licence via ebay or other sites offering ms office and loads of other useful software at a Rez till of the normal cost just Google it the hard legit licences I paid £12 for office so why take any risk any more. You don’t need to bug a as licence for windows so don’t bdd ed filled use your old windows licence it will activate windows 10 or 11 you can check places like kinguin.net for legit stuff and other sites like it don’t use Etsy they allow cracked bent software and ard a pin to get your money back

Doesn't make it worth the time nor the hassle, a total waste of a rant.

@CitizenDroid

> > While once upon a time it was handy using cracks like this it’s not really needed anymore you can obtain a licence via ebay or other sites offering ms office and loads of other useful software at a Rez till of the normal cost just Google it the hard legit licences I paid £12 for office so why take any risk any more. You don’t need to bug a as licence for windows so don’t bdd ed filled use your old windows licence it will activate windows 10 or 11 you can check places like kinguin.net for legit stuff and other sites like it don’t use Etsy they allow cracked bent software and ard a pin to get your money back
>
> Doesn't make it worth the time nor the hassle, a total waste of a rant.

Much like your pointless comment! but here you are still taking the time and hassle replying to something that you need not! what a Knobend!.

@radoslew

radoslew commented Apr 1, 2024

> While once upon a time it was handy using cracks like this it’s not really needed anymore you can obtain a licence via ebay or other sites offering ms office and loads of other useful software at a Rez till of the normal cost just Google it the hard legit licences I paid £12 for office so why take any risk any more. You don’t need to bug a as licence for windows so don’t bdd ed filled use your old windows licence it will activate windows 10 or 11 you can check places like kinguin.net for legit stuff and other sites like it don’t use Etsy they allow cracked bent software and ard a pin to get your money back

You cannot use W7 keys to activate new versions of Windows anymore. Maybe you should learn something first and then try to teach someone else.

@CitizenDroid

> > While once upon a time it was handy using cracks like this it’s not really needed anymore you can obtain a licence via ebay or other sites offering ms office and loads of other useful software at a Rez till of the normal cost just Google it the hard legit licences I paid £12 for office so why take any risk any more. You don’t need to bug a as licence for windows so don’t bdd ed filled use your old windows licence it will activate windows 10 or 11 you can check places like kinguin.net for legit stuff and other sites like it don’t use Etsy they allow cracked bent software and ard a pin to get your money back
>
> You cannot use W7 keys to activate new versions of Windows anymore. Maybe you should learn something first and then try to teach someone else.

Jesus do sad little twats like you just troll people because your bird of life or does it make you feel clever and important. even if that’s true had it harmed any one ! F***ing sad twat

@NordicPegasus

I upgraded from Win10 LTSC to Win11 LTSC. I was used to permanently disable Defender via GPO/registry. This seems not to work with Win11 anymore. So I experienced the annoying security alerts concerning the KMS script. I made an exclusion for the unzipped file, so it does not get deleted by Defender.

Just for my understanding, what part of the script gets the false positive reaction from Defender? Is it the script in general or the autorenewal part? If it's the latter, would a "light version" with only manual activation do the trick? I personally only use the manual option and run the script after the activation expired. Is a manual only version available?

@abbodi1406
Owner

> I upgraded from Win10 LTSC to Win11 LTSC. I was used to permanently disable Defender via GPO/registry. This seems not to work with Win11 anymore. So I experienced the annoying security alerts concerning the KMS script. I made an exclusion for the unzipped file, so it does not get deleted by Defender.
>
> Just for my understanding, what part of the script gets the false positive reaction from Defender? Is it the script in general or the autorenewal part? If it's the latter, would a "light version" with only manual activation do the trick? I personally only use the manual option and run the script after the activation expired. Is a manual only version available?

Mostly the embedded dll files (required for activation regardless mode)
you can check the Traditional pack and see which files are flagged
https://pastebin.com/raw/cpdmr6HZ

@NordicPegasus

> Mostly the embedded dll files (required for activation regardless mode) you can check the Traditional pack and see which files are flagged https://pastebin.com/raw/cpdmr6HZ

The AIO gets quarantined right after the download (zipped and password protected). The unzipped cmd-file gets quarantined too.

Your "traditional" version is neither quarantined as a zipped file nor after unpacking. I could run the cmd (Defender active) and it completed the manual activation without any notification. It seems the "AIO" part is the problem.

Where can I download the traditional version for future updates? Is that a different Github project?

Anyway, thanks for the alternative version.

@abbodi1406
Owner

> > Mostly the embedded dll files (required for activation regardless mode) you can check the Traditional pack and see which files are flagged https://pastebin.com/raw/cpdmr6HZ
>
> The AIO gets quarantined right after the download (zipped and password protected). The unzipped cmd-file gets quarantined too.
>
> Your "traditional" version is neither quarantined as a zipped file nor after unpacking. I could run the cmd (Defender active) and it completed the manual activation without any notification. It seems the "AIO" part is the problem.
>
> Where can I download the traditional version for future updates? Is that a different Github project?
>
> Anyway, thanks for the alternative version.

The AIO.7z is specifically flagged by its hash (probably because it's more popular and published here)

https://pastebin.com/cpdmr6HZ or https://rentry.co/KMS_VL_ALL (also listed in AIO ReadMe) always point to latest AIO and Traditional
Traditional pack doesn't have a Github project

@enigmaelectronica

> While at one point it was useful to use cracks like this, it is no longer really necessary. You can get a licence through eBay or other sites that offer MS Office and a lot of other useful programs at less than the normal cost. Just search Google for the legitimate licences. I paid £12 for Office, so why take any more risks? You don't need to create a licence for Windows, so don't use your old Windows licence; it will activate Windows 10 or 11. You can look on sites like Kinguin.net for legitimate material and other similar sites. Don't use Etsy, as they allow pirated software and it asks for a PIN to get your money back.

So what are you doing here, then? If you don't like it, go and buy it yourself and stop bothering people.

@ilez0660

top
