Jimck9
Well-Known Member
"Check it with Malwarebytes, if it doesn't pick up anything you should be good".
I'm a retired Windows Sys Admin. Don't do windows anymore!
I'm a retired Windows Sys Admin. Don't do windows anymore!
Sorry, I must've missed the part where I asked for your credentials.
As far as I'm aware, OP was simply stating what he had found, I offered a little bit of advice based on my opinion.
Now if he had wanted a lesson in Software Engineering or the in's and out's of current Anti-Virus technology, then he'd most likely post on a forum that specialises as such, however since this is a drone forum it's probably safe to say he wasn't expecting that.
But thanks for the unnecessary lesson all the same... yawn
Don’t understand why you are jumping on this dude. I don’t think that there are many here with your av credentials, but there are many here that can express an opinion based on their knowledge, hence the reason most people come here to read, ask questions, learn and help others in this hobby we all enjoy.You stated your opinion and credentials to explain why you were right.
I replied in similar fashion.
The lesson was necessary it seems.
Don't give opinions and advice when you are not qualified to do so nor get into a hissy fit when you are called on it.
I downloaded and installed DJI Assistant 2 For Mavic 2.0.6 for Windows 10 from the official website (Mavic 2 - Specifications, FAQs, Videos, Tutorials, Manuals - DJI)
Bitdefender (Bitdefender - Cybersecurity Solutions for Business and Personal Use) detected Gen:Trojan.Heur.PM.2 in Viewer.exe:
View attachment 64767
I realize this is probably a false positive and I've seen other threads about viruses detected (albeit in older versions of the software,) but I thought it would be prudent to at least mention what I found.
Also hoping someone from DJI can confirm things are OK and perhaps contact Bitdefender to get rid of the false positive for other folks who might see it like me.
Thanks!
WHAT IS THE OS AND CPU INTHE DRONE?
Yes. This is why they are only 90-95% effective. Also you have to make sure you update them regularly. It takes time days/ weeks for a virus to get picked up, a unique signature worked out and then distributed to the AV programs. Not al viruses are discovered the day/week they are first let loose.
I think you've maybe misunderstood this aspect of the problem. Curiosity aside (wild guess: some form of RTOS, or possibly Linux/BSD, running on an ARM architecture), OP was talking about part of the DJI Assistant software installed locally on their PC, not a firmware blob that would be downloaded to the drone.
There are numerous instances of various executables and DLLs in the DJI Assistant installation triggering FPs in AV software, BitDefender being particularly common, although not the only one. That can be quite scary for a layperson (OP did at least realise it was probably an FP and was looking to confirm), so an high-level explaination of what's going on to calm nerves and verify whether there's actually a problem or not seems like a good idea to me.
Really, DJI needs to be a bit more proactive in fixing this. They're not a small company, it's a mostly solved problem, and their own forums contain multiple instances of people with the problem so they can hardly be unaware of the issue. I can understand the occassional unsigned executable slipping through to release, or an FP here and there, but this is a frequent enough occurance it's now just making DJI look sloppy.
Agree with your comments but I think you will find that its not the DJI software that is unsigned it is the Device Drivers they use. Getting WHQL compliance for drivers with Microsoft is a very complex operation with lots of testing and requires MS to cooperate. The priority for WHQL testing is volume based. Drone drivers would not be high on the priority list.
Anybody who thinks it's up to DJI to get this software 'approved' with the anti-malware houses, just doesn't know how this all works ...
From what I see here you have scanned and found "PUPs" Potentially Unwanted Programs that are already in quarantine. Empty your quarantine in each program and scan again. If you REALLY need to clean, start the computer in "Safe Mode" and run all off your antivirus / anti malware programs.Feeding the file viewer.exe to a online virus checkking tool, more engines reporting this file as suspicius/infected:
View attachment 64768
Check it with Malwarebytes, if it doesn't pick up anything you should be good.
"Check it with Malwarebytes, if it doesn't pick up anything you should be good".
I'm a retired Windows Sys Admin. Don't do windows anymore!
MS-DOS...
MS-DOS...
You said "
Which isn't entirely accurate.
Just our of curiosity why is Malwarebytes better than BitDefener? I would be interested in the testing that led you to that conclusion.
If you are not going to get pedantic about it then say nothing.
Being pedantic is the whole point of AV Software, software testing in general and avionic software in particular. .
No one said it was 100%, I personally think Malwarebytes is more effective than BitDefender. But I'm not gonna get all pedantic about it.
I downloaded and installed DJI Assistant 2 For Mavic 2.0.6 for Windows 10 from the official website (Mavic 2 - Specifications, FAQs, Videos, Tutorials, Manuals - DJI)
Bitdefender (Bitdefender - Cybersecurity Solutions for Business and Personal Use) detected Gen:Trojan.Heur.PM.2 in Viewer.exe:
View attachment 64767
I realize this is probably a false positive and I've seen other threads about viruses detected (albeit in older versions of the software,) but I thought it would be prudent to at least mention what I found.
Also hoping someone from DJI can confirm things are OK and perhaps contact Bitdefender to get rid of the false positive for other folks who might see it like me.
Thanks!
Use a few different scanning programs. They all find something different. I like Superantispyware also.
No, it's not up to DJI; it's up to *both* sides - application vendors and the AV vendors to resolve any repeated FP issues. Only the AV vendors can modify their detection routines/whitelisting, DJI certainly can't do that for them, but there are a lot of people producing code and AV vendors are almost certainly going to prioritise based on reports and other feedback. That feedback has got to come from DJI and from us, their users, and since we're pretty niche we might be quite some way down the list.
DJI's issue is that they are inconsistent in their executable signing, which means that AV vendors that might have whitelisted based on DJI's cert are still going to potentially FP when DJI fails to sign, assuming enough other heuristics trip. Just being more consistent on this and making sure they always sign before release would help reduce the FPs significantly, although probably not entirely. Monitoring their own forum for reports and contacting vendors of products that most often FP is absolultely something DJI can do. I've had to do that a few times at $dayjob, and most AV vendors I've dealt with are pretty helpful at telling you why you are getting misclassified and how to fix it if you provide samples. A consistent, valid, and current vendor cert is usually a pretty good first step.