WinToolkit from 1.7.0.1 to 1.7.0.8 to antivirus quarantine

[mcluskyism]

Hi everyone, I'm new to the forum, I hope I wrote in the appropriate one.
I wanted to point out that my company antivirus (Check Point Endpoint Anti-Malware Blade) identifies WinToolkit.exe as infected with UDS:Trojan.MSIL.Agent.gen and relegates it to quarantine.
This happens with the WinToolkit_1.7.0.7 version which is therefore unusable, while with the WTK_v1_1.7.0.0 version the same executable passes the control, and it works.
I would like to test the versions prior to 1.7.0.7 but the download link only points to the latest.
Where can I find intermediate versions? Or should I wait for the next one?
Feel free to offer me further suggestions, thanks and greetings

[Thiersee]

Buongiorno e benvenuto!

 

This is a "false positive", Microsoft Security Essentials identifies it too as a virus, but with another name, depending on the status of the definitions.

Do you antivirus have the possibility to set the program as OK? MSE has that possibility.

BTW, since yesterday the version 1.7.0.8 has been released; MSE does NOT identify this version as infected.

You can download the new version on win-unattended.de.

 

[mcluskyism]

Hi Thiersee, buongiorno a te e grazie per la celere risposta.
I'm pretty sure this is a false positive, and I downloaded the latest version you suggested, but unfortunately my company antivirus thinks that even version 1.7.0.8 contains the same virus, so it won't even let me unpack the archive. 
And no, the antivirus is activated by policies so I have no way even to stop it and pause it with the "classic methods" already tried ( wmic service ... call StopService | net stop ... | sc config ... start= disabled && sc stop ... | TASKKILL / F / IM ... ).
For now I return to the original version v1_1.7.0.0 but, if they were available, I would still be curious to test the intermediate releases from win-unattended.de
I would basically slipstream a Seven Starter ISO for an old netbook, and I'm working on a Windows 10 company laptop (at home I'm up Debian Stable).
Since I would just like to modify Seven and nothing else, do you think I could be happy to stay with the original v1_1.7.0.0 version, and drop the German releases?
Grazie ancora, un saluto

Edited July 27, 2019 by mcluskyism
spelling error

[Thiersee]

1 hour ago, mcluskyism said:

do you think I could be happy to stay with the original v1_1.7.0.0 version, and drop the German releases?

There is no german version of WTK! Or what do you mean?

Intermediate releases:

Silly me, I have them !

If you want I can uploade them on mega.nz and give you the link.

Anyway, in the last days I couldn' have the 1.7.0.7-EXE on my PC, MSE did identify it as virus; after the MSE-Update of yesterday it hasn't been identified as virus anymore and the 1.7.0.8 too.

Ciao.

[mcluskyism]

34 minutes ago, Thiersee said:

There is no german version of WTK! Or what do you mean?

Hello, and sorry! I mean win-unattended.de branch development.

36 minutes ago, Thiersee said:

If you want I can uploade them on mega.nz and give you the link.

Thank you, you would be very kind if you could, so I could test from when the false positive appeared.

Cheers 

[Thiersee]

8 minutes ago, mcluskyism said:

Hello, and sorry! I mean win-unattended.de branch development.

Thank you, you would be very kind if you could, so I could test from when the false positive appeared.

Cheers 

OK!

Here is the link

https://mega.nz/#!mKxDBYKZ!QFMsT2jhV8_CvXTOVq8h3Q-Cj7-oTf5biTWuw1C5BYc

Tell me when you downloaded it, then I pull it down from mega.nz.

[sweden8]

I don´t know if www.virustotal.com is a reliable place to test this file? Anyway it comes up with a number of problems.

VirusTotal.pdf

[mcluskyism]

On 7/27/2019 at 4:35 PM, Thiersee said:

Tell me when you downloaded it, then I pull it down from mega.nz.

Hi Thiersee, downloaded and "grazie" feel free to take them down P.S. sorry for the delay, I will test ASAP 

[mcluskyism]

Hello sweden8, impressive bad result  but I'm still believing they were all false positives

[sweden8]

Hello mcluskyism, I hope you are correct! And I think you are! So I´ll wait for the official version of 1.7.0.8

I´m a big fan of WinToolkit 

 

 

Edited July 29, 2019 by sweden8

[Thiersee]

@sweden8

Since friday 26-07-2019 is the version

1.7.0.8

the official one!

[mcluskyism]

Hi to all, unfortunately I Get No Joy ... all releases of WinToolkit from 1.7.0.1 to 1.7.0.8 are presumed infected, according to my company antivirus.
I am still convinced that this is a false positive, but for now I am screwed.
BTW, my goal ATM is to modify only a copy of Seven Starter ... in yours opinion, maybe the original v1_1.7.0.0 could suffice?
Thanks anyway for all the support, and greetings to the whole forum 

Edited July 29, 2019 by mcluskyism
misspelling

[Thiersee]

Yes, it is!

But if you want to hide some KBs, you can't use the .vbs-script put directly in the section Silent-Installer + SFX (the feauture is only since 1.7.0.7), you must use the .exe-version.

[mcluskyism]

Hi Thiersee, ok, for now I will R.I.P.  on v1_1.7.0.0.

Again, thanks and greetings

[PapoPorz]

Hi all,

I'm having the same problem. McAfee Endpoint Security claims WinToolkitRunOnce.exe to be the Trojan. It quarantains it and there is no way to set it as positive.

Running WinToolkit 1.7.0.8, had the same result with 1.7.0.7. I'll try with the version 1.7.0.0 and report back.

Tom

Edit: Version 1.7.0.0 still running smoothly, no complaints about trojans

 

Edited August 24, 2019 by PapoPorz

[mcluskyism]

Hi PapoPorz, and welcome on my same boat  indeed, thank you for having fully identified the "culprit".

So, any suggestions from the developers? I'm still on v1_1.7.0.0 ATM.

Thank you 

Edited August 24, 2019 by mcluskyism
misspelling

[mooms]

The dev is not made here anymore.

 

 

[Thiersee]

Have a look here (last post):

https://www.wincert.net/forum/topic/14074-wintoolkit-version-1708-1709/page/2/?tab=comments#comment-127293