
Release v2.4.0 Detected As Malware

Open tictag opened this issue 1 year ago • 9 comments

Tried to use your app today but my antimalware package (Norton Internet Security) detected it as malware and quarantined it. Multiple AV vendors are also detecting it as malware according to Virus Total. I don't know what, if anything, you can do about this.

I hope this helps.

David.

tictag avatar Dec 15 '24 05:12 tictag

Hah, interesting. Thanks David. I suspect it's related to how it runs 7-Zip in a secondary desktop. I'll look into it! Thanks David

fiddyschmitt avatar Dec 15 '24 08:12 fiddyschmitt

I couldn't find it on Virus Total and none of my AVs said anything about it.

Could you please provide a link if possible? Thanks

fiddyschmitt avatar Dec 16 '24 09:12 fiddyschmitt

VirusTotal links for clonezilla-util.v2.4.0.win-x64.zip [here] and for clonezilla-util.exe [here] Note: I just uploaded the files.

Screenshots:

2024-12-16_09-23-01 2024-12-16_09-25-22 2024-12-16_09-37-07

Note: the first screenshot from Norton Internet Security shows quarantining based on signature detection, I then disabled 'Auto Protect' and tried to run it again but then 'Behaviour Detection' quarantined it! I figured at this point perhaps I shouldn't be trying so hard to bypass my computer's defences!!

tictag avatar Dec 16 '24 09:12 tictag

Haha fair enough. Thanks for the screenshots!

fiddyschmitt avatar Dec 16 '24 10:12 fiddyschmitt

Just received a similar treatment from Avast Antivirus (free). No Dokan driver installed, ran this command:

PS C:\Users\Public\clonezilla-util.v2.4.0.win-x64> .\clonezilla-util.exe extract-partition-image --input "E:\AW_Win10_DISK_2025-02-03-img" --output C:\Test
Program 'clonezilla-util.exe' failed to run: Access is deniedAt line:1 char:1
+ .\clonezilla-util.exe extract-partition-image --input "E:\AW_Win10_DI ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
At line:1 char:1
+ .\clonezilla-util.exe extract-partition-image --input "E:\AW_Win10_DI ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (:) [], ApplicationFailedExc
   eption
    + FullyQualifiedErrorId : NativeCommandFailed

Image

efabrizio75 avatar Feb 04 '25 11:02 efabrizio75

Thanks Emanuele, I'll have to look into why it would be triggering that


fiddyschmitt avatar Feb 04 '25 11:02 fiddyschmitt

According to this, FileRepMalware is when:

  • The file exhibits suspicious activity, or
  • The file does not have a signature, or
  • The file has not been added to the antivirus clean set, or
  • The file is not well known — very few people have tried to download, launch, or use it.

I'm guessing it's the last one. Hopefully they'll analyse it properly and it'll stop being detected as malware.

fiddyschmitt avatar Feb 04 '25 12:02 fiddyschmitt
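One of the criteria listed in the comment above, "the file does not have a signature", can be checked directly on a downloaded binary. The following is an added example, not part of the thread or of the clonezilla-util project: it reads the PE header to see whether an embedded Authenticode certificate table is present and computes the SHA-256 to look up or report. The function names and the sample bytes are hypothetical and constructed for the demo.

```python
import hashlib
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def embedded_signature_size(pe: bytes) -> int:
    """Size in bytes of the embedded certificate table; 0 means no embedded signature."""
    try:
        if pe[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
        if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = e_lfanew + 24  # optional header follows the 4-byte signature and 20-byte COFF header
        (magic,) = struct.unpack_from("<H", pe, opt)
        dirs = {0x10B: 96, 0x20B: 112}.get(magic)  # data-directory offset for PE32 / PE32+
        if dirs is None:
            raise ValueError("unknown optional header magic")
        (count,) = struct.unpack_from("<I", pe, opt + dirs - 4)  # NumberOfRvaAndSizes
        if count <= SECURITY_DIR:
            return 0
        offset, size = struct.unpack_from("<II", pe, opt + dirs + 8 * SECURITY_DIR)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    if offset == 0 or size == 0:
        return 0
    if offset + size > len(pe):  # for this directory the address is a file offset
        raise ValueError("certificate table points outside the file")
    return size

def triage(pe: bytes) -> dict:
    """Facts to collect for a flagged binary; a non-zero size shows presence, not validity."""
    size = embedded_signature_size(pe)
    return {"sha256": hashlib.sha256(pe).hexdigest(), "signature_bytes": size,
            "has_embedded_signature": size > 0}

def sample_pe(cert: bytes = b"") -> bytes:
    """Constructed minimal PE32+ headers for the demo (hypothetical, not a real program)."""
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)   # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)    # NumberOfRvaAndSizes
    if cert:
        struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR, 328, len(cert))
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), 0x22)
    return dos + b"PE\0\0" + coff + bytes(opt) + cert

if __name__ == "__main__":
    print(triage(sample_pe()), triage(sample_pe(b"\0" * 16)))
```

This only detects an embedded signature; validating the certificate chain is a separate step (on Windows, `Get-AuthenticodeSignature`), and catalog-signed files report 0 here.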

Also in v2.60 a "Win32:DealPly-gen [Adw]" malware threat was detected by Avast:

Image

0speedy avatar Jun 27 '25 05:06 0speedy

Thanks @0speedy , appreciate the notice. Not sure why it was detected as Adware.

fiddyschmitt avatar Jun 27 '25 05:06 fiddyschmitt