Welcome to the Cumulus Support forum.
Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024
Cumulus MX V4 beta test release 4.0.0 (build 4017) - 17 March 2024
Legacy Cumulus 1 release v1.9.4 (build 1099) - 28 November 2014 (a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)
Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki
Re: CumulusMX - Trojan/Malware In DLL ? - Nope, Defender Reporting False Positive
Moderator: mcrossley
-
- Posts: 8
- Joined: Tue 02 Aug 2016 8:44 pm
- Weather Station: WMR 928
- Operating System: Windows 10
- Location: Peterborough
Re: CumulusMX - Trojan/Malware In DLL ? - Nope, Defender Reporting False Positive
I've been running Cumulus now for a few months with no issues. This evening I had need to stop Cumulus as I was doing some testing. However when I restarted the CumulusMx exe, errors were being reported as a file was missing. Looking a bit further, it was apparent Windows Defender has decided the following:
Detected item : Trojan:Win32/Peals.A!cl
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items:
containerfile:C:\Users\Trev\Downloads\CumulusMXDist3041.zip
file:C:\Users\Trev\Downloads\CumulusMXDist3041.zip->CumulusMX/Devart.Data.MySql.dll
Even re-installing from a new zip download of the Cumulus files, the same issue is being reported and Windows Defender removes the .dll file so I cannot run Cumulus again.
As I say, all was fine and dandy, until earlier this evening when stopping Cumulus temporarily.
Any others having the same issue....Is Defender reporting a false positive here ? Obviously a bit of a problem as I want to run Cumulus, but the only way I can do that is if I say 'allow' to the file and not remove it....
TrevP
Last edited by trevbrp on Wed 07 Dec 2016 11:41 pm, edited 1 time in total.
- ConligWX
- Posts: 1570
- Joined: Mon 19 May 2014 10:45 pm
- Weather Station: Davis vPro2+ w/DFARS + AirLink
- Operating System: Ubuntu 22.04 LTS
- Location: Bangor, NI
- Contact:
Re: CumulusMX - Trojan/Malware In DLL
I have scanned all CumulusMX files with MalwareBytes, Spybot Search and Destroy, Sophos Endpoint Security and Sophos Home. This is on my system and a new download from this forum.
I think your Windows Defender is showing a definite false positive, unless the DLL has become infected from a trojan on your system. Personally I don't trust Defender as a "good" AV solution. There are plenty of free alternatives that do a far better job.
"Sophos Home" is very good.
Regards Simon
https://www.conligwx.org - @conligwx
Davis Vantage Pro2 Plus with Daytime FARS • WeatherLink Live • Davis AirLink • PurpleAir •
- steve
- Cumulus Author
- Posts: 26702
- Joined: Mon 02 Jun 2008 6:49 pm
- Weather Station: None
- Operating System: None
- Location: Vienne, France
- Contact:
Re: CumulusMX - Trojan/Malware In DLL
A quick Google for "Win32/Peals.A!cl" finds this: https://www.microsoft.com/security/port ... 2147276824
"NOTE: On December 6, 2016, an incorrect detection for our cloud-based protection for Trojan:Win32/Peals.A!cl was identified and immediately fixed. To ensure that this issue is remediated, you can do a forced daily update to download your Microsoft antimalware and antispyware software. For details, see Updating your Microsoft antimalware and antispyware software."
Hopefully this thread title won't put off the casual observer from trying Cumulus MX
Steve
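The forced definition update recommended in the Microsoft note quoted above, followed by a rescan of the flagged DLL, as an added PowerShell example that is not part of the original thread. The install path in `$DllPath` is an assumption (the thread only gives the download path); run it from an elevated session.

```powershell
# Added example, not from the thread. $DllPath is an ASSUMED install location:
# point it at the Devart.Data.MySql.dll extracted from a fresh download.
$DllPath    = 'C:\CumulusMX\Devart.Data.MySql.dll'
$ThreatName = 'Trojan:Win32/Peals.A!cl'   # detection name reported in the first post

# 1. Force a definition update and show whether the signature version moved.
$before = (Get-MpComputerStatus).AntivirusSignatureVersion
Update-MpSignature
$status = Get-MpComputerStatus
"Signatures: $before -> $($status.AntivirusSignatureVersion), " +
    "last updated $($status.AntivirusSignatureLastUpdated)"

if (-not (Test-Path $DllPath)) {
    "DLL not present at $DllPath: re-extract it from the zip, then re-run."
    return
}

# 2. Record the hash so the file can be compared with a copy taken from a
#    fresh download (a mismatch would mean the local file was modified).
$hash = (Get-FileHash -Path $DllPath -Algorithm SHA256).Hash
"SHA256 of local DLL: $hash"

# 3. Rescan just this file with the updated definitions.
$scanStart = Get-Date
Start-MpScan -ScanType CustomScan -ScanPath $DllPath

# 4. Look for detections of the same threat raised since the rescan began.
$ids  = (Get-MpThreat | Where-Object ThreatName -eq $ThreatName).ThreatID
$hits = Get-MpThreatDetection | Where-Object {
    $_.ThreatID -in $ids -and $_.InitialDetectionTime -ge $scanStart
}

if ($hits) {
    "Still detected after update:"
    $hits | Select-Object InitialDetectionTime, Resources | Format-List
} elseif (Test-Path $DllPath) {
    "No new detection and the DLL is still in place: consistent with the corrected signature."
} else {
    "DLL was removed during the scan: check Defender protection history."
}
```

If the detection persists after the update, the file is a candidate for submission to the vendor rather than a blanket exclusion.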
- ConligWX
- Posts: 1570
- Joined: Mon 19 May 2014 10:45 pm
- Weather Station: Davis vPro2+ w/DFARS + AirLink
- Operating System: Ubuntu 22.04 LTS
- Location: Bangor, NI
- Contact:
Re: CumulusMX - Trojan/Malware In DLL
steve wrote: Hopefully this thread title won't put off the casual observer from trying Cumulus MX
I wonder how many Companies have had their products tainted by a pathetic MS app called Defender.
Regards Simon
https://www.conligwx.org - @conligwx
Davis Vantage Pro2 Plus with Daytime FARS • WeatherLink Live • Davis AirLink • PurpleAir •
-
- Posts: 272
- Joined: Tue 28 May 2013 1:06 am
- Weather Station: Davis VP2 Plus
- Operating System: Raspian Buster (RPi 3b)
- Location: Tulsa, OK
Re: CumulusMX - Trojan/Malware In DLL
steve wrote: Hopefully this thread title won't put off the casual observer from trying Cumulus MX
Toxic17 wrote: I wonder how many Companies have had their products tainted by a pathetic MS app called Defender.
Any company using a free consumer tool for security deserves to have their products tainted.
- mcrossley
- Posts: 12685
- Joined: Thu 07 Jan 2010 9:44 pm
- Weather Station: Davis VP2/WLL
- Operating System: Bullseye Lite rPi
- Location: Wilmslow, Cheshire, UK
- Contact:
Re: CumulusMX - Trojan/Malware In DLL
I think toxic meant - by false detections.
To be fair all the AV products do this from time to time.
-
- Posts: 8
- Joined: Tue 02 Aug 2016 8:44 pm
- Weather Station: WMR 928
- Operating System: Windows 10
- Location: Peterborough
Re: CumulusMX - Trojan/Malware In DLL - False Positive ?
steve wrote: A quick Google for "Win32/Peals.A!cl" finds this: https://www.microsoft.com/security/port ... 2147276824
"NOTE: On December 6, 2016, an incorrect detection for our cloud-based protection for Trojan:Win32/Peals.A!cl was identified and immediately fixed. To ensure that this issue is remediated, you can do a forced daily update to download your Microsoft antimalware and antispyware software. For details, see Updating your Microsoft antimalware and antispyware software."
Hopefully this thread title won't put off the casual observer from trying Cumulus MX
Hi Steve,
Apologies. It was not my intention to infer from the thread title that there WAS a trojan in the DLL, and from the content of the thread, I'm sure any reading the post would soon come to the conclusion that I was asking a generic question rather than accusing the software of actually having some malware/trojan within the download. I have now changed the title of the post.
I have no issues with Defender, it is not the only anti-virus software that reports false positives, far from it, paid or unpaid software. I DO keep it updated and did update the definition file yesterday....I can only assume I updated before Microsoft issued the update.
Good to know that it was indeed a false positive.
regards
Trev
- mcrossley
- Posts: 12685
- Joined: Thu 07 Jan 2010 9:44 pm
- Weather Station: Davis VP2/WLL
- Operating System: Bullseye Lite rPi
- Location: Wilmslow, Cheshire, UK
- Contact:
Re: CumulusMX - Trojan/Malware In DLL
You might want to change the thread title then? Maybe something like... "CumulusMX - Possible Trojan/Malware In DLL? [no]"
-
- Posts: 8
- Joined: Tue 02 Aug 2016 8:44 pm
- Weather Station: WMR 928
- Operating System: Windows 10
- Location: Peterborough
Re: CumulusMX - Trojan/Malware In DLL ? - Nope, Defender Reporting False Positive
mcrossley wrote: You might want to change the thread title then? Maybe something like... "CumulusMX - Possible Trojan/Malware In DLL? [no]"
Hi Mark,
I thought I had, but it seems the change didn't take. I will amend again.
Bit of a nightmare at the moment as I have updated Defender, and re-installed, but Cumulus is reporting that it still has a problem. I will persevere and see if I can sort that...if not, I will raise it.
regards
Trev
-
- Posts: 3215
- Joined: Sat 13 Aug 2011 9:33 am
- Weather Station: Ecowitt HP2551
- Operating System: Windows 10 64bit
- Location: Burnham-on-Sea
- Contact:
Re: CumulusMX - Trojan/Malware In DLL
You have to go back and edit your first post and change the Topic title in that as that is the one it uses for the Forum Topic List.