06-29-2017 , 12:00 PM
Windows Firewall Control v.4.9.9.1
Change log:
- New: Nothing changed. I just increased the version from 4.9.9.0 to 4.9.9.1 just to prove how poor are many antivirus detection systems that detect wfcs.exe as a false positive.
Download location: https://binisoft.org/download/wfc4setup.exe
SHA1: d142012f1ed42ab9e7ff3f0be85374357de286ec
SHA256: 93b454aad068257a57b9b779613fd19e278eec833a99120062c2fda83837c010
VirusTotal:
wfc4setup.exe
https://www.virustotal.com/en/file/93b454aad068257a57b9b779613fd19e278eec833a99120062c2fda83837c010/analysis
wfc.exe
https://www.virustotal.com/en/file/0ac26a08968e0e6d97a479645f7ce909c13d04fad649a2687c68d091fe40a27a/analysis
wfcs.exe
https://www.virustotal.com/en/file/26f86bbaef341ceb7e51063a128d97a5fcde9613080a96635ecc0fef2214fa2a/analysis
Below is the VirusTotal report for WFC service from version 4.9.9.0 released a week ago, which is detected as Trojan.Generic... by multiple antivirus vendors:
https://www.virustotal.com/en/file/...52cb59f9dbc00f1d35f072fa2c7a6ab9c8c/analysis/
I just changed the version from 4.9.9.0 to 4.9.9.1 and then recompiled the software. Now the false positive is gone and with the same virus definition versions, WFC service is not detected anymore. This makes me wonder how these antivirus engines work ? The code is the same, so how they decide a program is a threat or not ? It just doesn't make sense. And has nothing to do with the fact that WFC is not digitally signed.
I made this experiment because I have received tens of emails in the past week which describe the same problem. Kaspersky and other antivirus vendors were detecting WFC service as Trojan.Generic and removed wfcs.exe from their machines.
Please report any false positives to your antivirus vendors. Thank you for your support.
Best regards,
Alexandru
P.S.: If you have problems reinstalling WFC, after your antivirus removes wfcs.exe, please read below:
https://www.wilderssecurity.com/threads/...st-2674385
Change log:
- New: Nothing changed. I just increased the version from 4.9.9.0 to 4.9.9.1 just to prove how poor are many antivirus detection systems that detect wfcs.exe as a false positive.
Download location: https://binisoft.org/download/wfc4setup.exe
SHA1: d142012f1ed42ab9e7ff3f0be85374357de286ec
SHA256: 93b454aad068257a57b9b779613fd19e278eec833a99120062c2fda83837c010
VirusTotal:
wfc4setup.exe
https://www.virustotal.com/en/file/93b454aad068257a57b9b779613fd19e278eec833a99120062c2fda83837c010/analysis
wfc.exe
https://www.virustotal.com/en/file/0ac26a08968e0e6d97a479645f7ce909c13d04fad649a2687c68d091fe40a27a/analysis
wfcs.exe
https://www.virustotal.com/en/file/26f86bbaef341ceb7e51063a128d97a5fcde9613080a96635ecc0fef2214fa2a/analysis
Below is the VirusTotal report for WFC service from version 4.9.9.0 released a week ago, which is detected as Trojan.Generic... by multiple antivirus vendors:
https://www.virustotal.com/en/file/...52cb59f9dbc00f1d35f072fa2c7a6ab9c8c/analysis/
I just changed the version from 4.9.9.0 to 4.9.9.1 and then recompiled the software. Now the false positive is gone and with the same virus definition versions, WFC service is not detected anymore. This makes me wonder how these antivirus engines work ? The code is the same, so how they decide a program is a threat or not ? It just doesn't make sense. And has nothing to do with the fact that WFC is not digitally signed.
I made this experiment because I have received tens of emails in the past week which describe the same problem. Kaspersky and other antivirus vendors were detecting WFC service as Trojan.Generic and removed wfcs.exe from their machines.
Please report any false positives to your antivirus vendors. Thank you for your support.
Best regards,
Alexandru
P.S.: If you have problems reinstalling WFC, after your antivirus removes wfcs.exe, please read below:
https://www.wilderssecurity.com/threads/...st-2674385