Gregecslo 8 Posted January 27, 2022 Posted January 27, 2022 (edited) Hello. Possible FP: Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.10\runtimes\win-x64\native\apphost.exe 16e5ebf8a2ae6ed07892c6d318fcb953c8d2bca7 124416 January 27, 2022 08:07:38 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.12\runtimes\win-x64\native\apphost.exe 2bb7aae7671a506267f4ec698199c447c1ea3ba8 124416 January 27, 2022 08:07:08 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\sdk\5.0.303\apphosttemplate\apphost.exe 5ff2eadcf444f245d71ae0501fddc5c921967433 124416 January 27, 2022 08:07:08 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\sdk\5.0.403\apphosttemplate\apphost.exe 2bb7aae7671a506267f4ec698199c447c1ea3ba8 124416 January 27, 2022 08:07:08 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.9\runtimes\win-x64\native\apphost.exe 5ff2eadcf444f245d71ae0501fddc5c921967433 124416 January 27, 2022 08:07:08 1 On VT only ESET detects it... Edited January 27, 2022 by Gregecslo
Gregecslo 8 Posted January 27, 2022 Author Posted January 27, 2022 Now our legit apps built with this SDK are being flagged too... Not looking good.
Masamunnex 0 Posted January 27, 2022 Posted January 27, 2022 13 minutes ago, Gregecslo said: Hello. Possible FP: Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.10\runtimes\win-x64\native\apphost.exe 16e5ebf8a2ae6ed07892c6d318fcb953c8d2bca7 124416 January 27, 2022 08:07:38 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.12\runtimes\win-x64\native\apphost.exe 2bb7aae7671a506267f4ec698199c447c1ea3ba8 124416 January 27, 2022 08:07:08 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\sdk\5.0.303\apphosttemplate\apphost.exe 5ff2eadcf444f245d71ae0501fddc5c921967433 124416 January 27, 2022 08:07:08 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\sdk\5.0.403\apphosttemplate\apphost.exe 2bb7aae7671a506267f4ec698199c447c1ea3ba8 124416 January 27, 2022 08:07:08 1 Win32/AtlasVPN.A Potentially unwanted application file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.9\runtimes\win-x64\native\apphost.exe 5ff2eadcf444f245d71ae0501fddc5c921967433 124416 January 27, 2022 08:07:08 1 On VT only ESET detects it... hey i just posted a topic about this too, i have getting a PUA msg about this win32/atlasvpn.a i did not download any atlasvpn or anything, any idea whats this about ?
Gregecslo 8 Posted January 27, 2022 Author Posted January 27, 2022 Most probably false positive. It happened exactly a year ago with same file
Masamunnex 0 Posted January 27, 2022 Posted January 27, 2022 6 minutes ago, Gregecslo said: Most probably false positive. It happened exactly a year ago with same file I see, the question is do i clean it or ignore ? cleaning might cause damage to the operating system ?
Gregecslo 8 Posted January 27, 2022 Author Posted January 27, 2022 Wait for the verdict, then restore.
Administrators Marcos 5,733 Posted January 27, 2022 Administrators Posted January 27, 2022 Yes, it was FP. A new engine update is being worked on which will have the detection fixed. You can create a temporary exclusion and restore the files from quarantine. Masamunnex 1
Masamunnex 0 Posted January 27, 2022 Posted January 27, 2022 Just now, Marcos said: Yes, it was FP. A new engine update is being worked on which will have the detection fixed. You can create a temporary exclusion and restore the files from quarantine. hey i also posted a topic about this but it seems that the file path on my machine is different, looks like its going to a gaming service from microsoft, care to also take a look ?
ESET Moderators Peter Randziak 1,223 Posted January 27, 2022 ESET Moderators Posted January 27, 2022 Hello @Masamunnex, we can check it, if you want send me the log record in a text form and the file detected in password protected archive (set password to infected) via a private message. Regards, Peter
Administrators Marcos 5,733 Posted January 27, 2022 Administrators Posted January 27, 2022 1 hour ago, Masamunnex said: hey i also posted a topic about this but it seems that the file path on my machine is different, looks like its going to a gaming service from microsoft, care to also take a look ? Most likely it was a false positive. An engine update 24688 should be available within minutes which will address the FP.
Administrators Marcos 5,733 Posted January 27, 2022 Administrators Posted January 27, 2022 Affected files will be restored from quarantine after the next update. Nightowl and Peter Randziak 2
Sam1 0 Posted January 27, 2022 Posted January 27, 2022 Hello, The releases of my application compiled with Visual Studio 2019 was also affected by this false positive, the releases of my application compiled with Visual Studio 2022 did not generate an alert from the antivirus. I don't understand why the "Atlas VPN" software is considered a threat by ESET, is it spyware? I have not found anything problematic about this software in the latest news. Are you going to put in place procedures to avoid arbitrarily blocking applications compiled with Visual Studio in the future? It would be a shame to have to delay updating the anti-virus database to avoid this kind of problem. Best regards
ESET Insiders Trooper 71 Posted January 27, 2022 ESET Insiders Posted January 27, 2022 Happened at my job today as well.
Recommended Posts