Page 1 of 1

MS Defender - PrimalScript PSR17Setup_7.3.108_100517_x64 Trojan Detected

Posted: Sun Oct 29, 2017 6:14 pm
by Skylancer
Product, version and build: PSR17Setup_7.3.108_100517_x64
32 or 64 bit version of product: 64
Operating system: Windows 10 1709
32 or 64 bit OS: 64

*** Please add details and screenshots as needed below. ***

Installing the latest release of PrimalScript 7.3.108 100517 x64 triggers MS Defender. File detection Trojan:Win32/Tiggre!rfn

http://telussecuritylabs.com/threats/sh ... 0171016-02

file: C:\Program Files\SAPIEN Technologies, Inc\PrimalScript 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Forms) Win32.engine
PSR17Setup_7.3.108_100517_x64_MSD_Detection.png
PSR17Setup_7.3.108_100517_x64_MSD_Detection.png (37.92 KiB) Viewed 4175 times
The Sapien Update engine crashes when it attempts to download this recent update as well. This happens on two of my workstations. Both Windows 10 1709. Although I don't think this is a Windows 10 issue.

The malware it's reporting is a potential Spyware Agent platform, I honestly hope that isn't true. ;)

Edit: This is the same issue with the Build 100517 installers from Sapien. PowerShell Studio had the same malware detection.

Re: MS Defender - PrimalScript PSR17Setup_7.3.108_100517_x64 Trojan Detected

Posted: Sun Oct 29, 2017 11:55 pm
by Alexander Riedel
We have no reports from Windows defender on any current files with the latest definition files. In the past any such reports have always been false positives.
Submit the file in question here: https://www.microsoft.com/en-us/wdsi/filesubmission
to verify. The .engine file is actually not an executable file in its installed state.
As for the update tool, if the download gets interrupted by an outside event, it might crash. It should not, but we have seen it happen. Internet disruption, antivirus deleting files while downloading, etc.
Regardless, you can always download the latest build manually from your accounts page.
I have also uploaded the file to Virustotal.com and I received no alert on this file.