MS Defender - PrimalScript PSR17Setup_7.3.108_100517_x64 Trojan Detected

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 6 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
User avatar
Skylancer
Posts: 1
Last visit: Thu Dec 24, 2020 7:45 am

MS Defender - PrimalScript PSR17Setup_7.3.108_100517_x64 Trojan Detected

Post by Skylancer »

Product, version and build: PSR17Setup_7.3.108_100517_x64
32 or 64 bit version of product: 64
Operating system: Windows 10 1709
32 or 64 bit OS: 64

*** Please add details and screenshots as needed below. ***

Installing the latest release of PrimalScript 7.3.108 100517 x64 triggers MS Defender. File detection Trojan:Win32/Tiggre!rfn

http://telussecuritylabs.com/threats/sh ... 0171016-02

file: C:\Program Files\SAPIEN Technologies, Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Forms) Win32.engine
PSR17Setup_7.3.108_100517_x64_MSD_Detection.png
PSR17Setup_7.3.108_100517_x64_MSD_Detection.png (37.92 KiB) Viewed 4173 times
The Sapien Update engine crashes when it attempts to download this recent update as well. This happens on two of my workstations. Both Windows 10 1709. Although I don't think this is a Windows 10 issue.

The malware it's reporting is a potential Spyware Agent platform, I honestly hope that isn't true. ;)

Edit: This is the same issue with the Build 100517 installers from Sapien. PowerShell Studio had the same malware detection.
User avatar
Alexander Riedel
Posts: 8478
Last visit: Tue Mar 26, 2024 8:52 am
Answers: 19
Been upvoted: 37 times

Re: MS Defender - PrimalScript PSR17Setup_7.3.108_100517_x64 Trojan Detected

Post by Alexander Riedel »

We have no reports from Windows defender on any current files with the latest definition files. In the past any such reports have always been false positives.
Submit the file in question here: https://www.microsoft.com/en-us/wdsi/filesubmission
to verify. The .engine file is actually not an executable file in its installed state.
As for the update tool, if the download gets interrupted by an outside event, it might crash. It should not, but we have seen it happen. Internet disruption, antivirus deleting files while downloading, etc.
Regardless, you can always download the latest build manually from your accounts page.
I have also uploaded the file to Virustotal.com and I received no alert on this file.
Attachments
2017-10-29_23-53-45.png
2017-10-29_23-53-45.png (91.83 KiB) Viewed 4140 times
Alexander Riedel
SAPIEN Technologies, Inc.
This topic is 6 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.