MS Defender - PrimalScript PSR17Setup_7.3.108_100517_x64 Trojan Detected

Skylancer
Posts: 1
Joined: Fri Sep 29, 2017 6:55 am

Post by Skylancer » Sun Oct 29, 2017 6:14 pm

Product, version and build: PSR17Setup_7.3.108_100517_x64
32 or 64 bit version of product: 64
Operating system: Windows 10 1709
32 or 64 bit OS: 64

Installing the latest release of PrimalScript 7.3.108 100517 x64 triggers MS Defender. File detection: Trojan:Win32/Tiggre!rfn

http://telussecuritylabs.com/threats/sh ... 0171016-02

file: C:\Program Files\SAPIEN Technologies, Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Forms) Win32.engine

[Attachment: PSR17Setup_7.3.108_100517_x64_MSD_Detection.png]

The Sapien Update engine crashes when it attempts to download this recent update as well. This happens on two of my workstations. Both Windows 10 1709. Although I don't think this is a Windows 10 issue.

The malware it's reporting is a potential Spyware Agent platform; I honestly hope that isn't true. ;)

Edit: This is the same issue with the Build 100517 installers from Sapien. PowerShell Studio had the same malware detection.

Alexander Riedel
Posts: 6361
Joined: Tue May 29, 2007 4:43 pm

Re: MS Defender - PrimalScript PSR17Setup_7.3.108_100517_x64 Trojan Detected

Post by Alexander Riedel » Sun Oct 29, 2017 11:55 pm

We have no reports from Windows Defender on any current files with the latest definition files. In the past, any such reports have always been false positives.
Submit the file in question here: https://www.microsoft.com/en-us/wdsi/filesubmission to verify. The .engine file is actually not an executable file in its installed state.
As for the update tool, if the download gets interrupted by an outside event, it might crash. It should not, but we have seen it happen. Internet disruption, antivirus deleting files while downloading, etc.
Regardless, you can always download the latest build manually from your accounts page.
I have also uploaded the file to VirusTotal.com and I received no alert on this file.

[Attachment: 2017-10-29_23-53-45.png]

Alexander Riedel
SAPIEN Technologies, Inc.