Re: CumulusMX - Trojan/Malware In DLL ? - Nope, Defender Reporting False Positive

Posted: Tue 06 Dec 2016 11:27 pm
by trevbrp
I've been running Cumulus now for a few months with no issues. This evening I had need to stop Cumulus as I was doing some testing. However when I restarted the CumulusMx exe, errors were being reported as a file was missing. Looking a bit further, it was apparent Windows Defender has decided the following:

Detected item : Trojan:Win32/Peals.A!cl
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items:
containerfile:C:\Users\Trev\Downloads\CumulusMXDist3041.zip
file:C:\Users\Trev\Downloads\CumulusMXDist3041.zip->CumulusMX/Devart.Data.MySql.dll


Even re-installing from a new zip download of the Cumulus files, the same issue is being reported and Windows Defender removes the .dll file so I cannot run Cumulus again.

As I say, all was fine and dandy, until earlier this evening when stopping Cumulus temporarily.

Any others having the same issue... Is Defender reporting a false positive here? Obviously a bit of a problem as I want to run Cumulus, but the only way I can do that is if I say 'allow' to the file and not remove it... :!:

TrevP

Re: CumulusMX - Trojan/Malware In DLL

Posted: Wed 07 Dec 2016 10:46 am
by ConligWX
I have scanned all CumulusMX files by MalwareBytes, Spybot Search and Destroy and Sophos Endpoint Security and Sophos Home. This is on my System and a new download from this forum.

I think your Windows Defender is showing a definite false positive, unless the dll has become infected from a trojan on your system. Personally I don't trust Defender as a "good" AV solution. There are plenty of Free alternatives that do a far better job.

"Sophos Home" is very good.

Re: CumulusMX - Trojan/Malware In DLL

Posted: Wed 07 Dec 2016 1:38 pm
by steve
A quick Google for "Win32/Peals.A!cl" finds this: https://www.microsoft.com/security/port ... 2147276824

"NOTE: On December 6, 2016, an incorrect detection for our cloud-based protection for Trojan:Win32/Peals.A!cl was identified and immediately fixed. To ensure that this issue is remediated, you can do a forced daily update to download your Microsoft antimalware and antispyware software. For details, see Updating your Microsoft antimalware and antispyware software."

Hopefully this thread title won't put off the casual observer from trying Cumulus MX :(
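
The remediation in the Microsoft note quoted above (force a definition update, then re-check the flagged file), as an added PowerShell example that is not part of the original posts. It uses the built-in Defender cmdlets; `$installDir` is an assumed install location and must be adjusted.

```powershell
# Added example. $installDir is an assumption, not a path taken from the thread.
$installDir = 'C:\CumulusMX'
$dll        = Join-Path $installDir 'Devart.Data.MySql.dll'

# 1. Note the definition version in use before updating.
$before = (Get-MpComputerStatus).AntivirusSignatureVersion

# 2. Force a definition update (the "forced daily update" in Microsoft's note).
Update-MpSignature

$status = Get-MpComputerStatus
'Signatures: {0} -> {1} (last updated {2})' -f $before,
    $status.AntivirusSignatureVersion, $status.AntivirusSignatureLastUpdated

# 3. Show earlier detections that involved the DLL, with the threat name resolved,
#    so you can confirm they all predate the updated definitions.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'Devart\.Data\.MySql\.dll' } |
    ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Time      = $_.InitialDetectionTime
            Threat    = $threat.ThreatName
            Resources = $_.Resources -join '; '
        }
    }

# 4. Rescan only that file with the new definitions, and record its hash so it
#    can be compared with a copy obtained independently.
if (Test-Path $dll) {
    Start-MpScan -ScanType CustomScan -ScanPath $dll
    Get-FileHash -Path $dll -Algorithm SHA256
} else {
    "$dll is missing: re-extract it from the distribution zip after the update."
}
```

If the DLL was already removed, updating definitions does not put it back; it has to be extracted again from the zip once the corrected definitions are in place.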

Re: CumulusMX - Trojan/Malware In DLL

Posted: Wed 07 Dec 2016 4:08 pm
by ConligWX
steve wrote:Hopefully this thread title won't put off the casual observer from trying Cumulus MX :(
I wonder how many Companies have had their products tainted by a pathetic MS app called Defender.

Re: CumulusMX - Trojan/Malware In DLL

Posted: Wed 07 Dec 2016 6:33 pm
by BigOkie
Toxic17 wrote:
steve wrote:Hopefully this thread title won't put off the casual observer from trying Cumulus MX :(
I wonder how many Companies have had their products tainted by a pathetic MS app called Defender.
Any company using a free consumer tool for security deserves to have their products tainted.

Re: CumulusMX - Trojan/Malware In DLL

Posted: Wed 07 Dec 2016 6:42 pm
by mcrossley
I think toxic meant - by false detections.

To be fair all the AV products do this from time to time.

Re: CumulusMX - Trojan/Malware In DLL - False Positive ?

Posted: Wed 07 Dec 2016 6:58 pm
by trevbrp
steve wrote:A quick Google for "Win32/Peals.A!cl" finds this: https://www.microsoft.com/security/port ... 2147276824

"NOTE: On December 6, 2016, an incorrect detection for our cloud-based protection for Trojan:Win32/Peals.A!cl was identified and immediately fixed. To ensure that this issue is remediated, you can do a forced daily update to download your Microsoft antimalware and antispyware software. For details, see Updating your Microsoft antimalware and antispyware software."

Hopefully this thread title won't put off the casual observer from trying Cumulus MX :(
Hi Steve,

Apologies. It was not my intention to infer from the thread title that there WAS a trojan in the DLL, and from the content of the thread, I'm sure any reading the post would soon come to the conclusion that I was asking a generic question rather than accusing the software of actually having some malware/trojan within the download. I have now changed the title of the post.

I have no issues with Defender, it is not the only anti-virus software that reports false positives, far from it, paid or unpaid software. I DO keep it updated and did update the definition file yesterday... I can only assume I updated before Microsoft issued the update.

Good to know that it was indeed a false positive.

regards

Trev

Re: CumulusMX - Trojan/Malware In DLL

Posted: Wed 07 Dec 2016 7:29 pm
by mcrossley
You might want to change the thread title then? Maybe something like... "CumulusMX - Possible Trojan/Malware In DLL? [no]"

Re: CumulusMX - Trojan/Malware In DLL ? - Nope, Defender Reporting False Positive

Posted: Wed 07 Dec 2016 8:03 pm
by trevbrp
mcrossley wrote:You might want to change the thread title then? Maybe something like... "CumulusMX - Possible Trojan/Malware In DLL? [no]"
Hi Mark,

I thought I had, but it seems the change didn't take. I will amend again.

Bit of a nightmare at the moment as I have updated Defender, and re-installed, but Cumulus is reporting that it still has a problem. I will persevere and see if I can sort that... if not, I will raise it.

regards

Trev

Re: CumulusMX - Trojan/Malware In DLL

Posted: Wed 07 Dec 2016 9:45 pm
by water01
You have to go back and edit your first post and change the Topic title in that as that is the one it uses for the Forum Topic List.