What’s the official place right here? Are we, the shoppers, presupposed to take the prospect and legal responsibility of disregarding these detections and failed checksums onto our personal machines? or ought to we watch for a brand new model of SKP? Is there going to be a brand new model and when in that case?
Effectively, it’s kinda like this, to this point nobody within the discussion board has reported a safety concern after putting in 2023. Will this be mounted, in all probability. When is an effective query, it might be a Microsoft or a SketchUp concern. It’s seemingly neither will say when.
That is my present stance as properly. I’m inclined to consider and belief the SU dev crew BUT in relation to web safety, I’ve a strict no belief coverage.
I disagree with the suggestion for any person to ever flip off virus safety, even quickly.
I simply customized scanned your complete “Downloaded Installations” subfolder of SketchUp msi and mst information with Home windows Defender (definitions updated as of right this moment 3-30) on Home windows 10.
No threats discovered.
I’ve additionally beforehand scanned this folder utilizing MalwareBytes and located no points with these information.
2 Likes
We’re making one other try and escalate this at Microsoft. I’ll put up one other replace after I’ve had a dialog with the suitable crew at Microsoft.
Latest data that I’ve from Microsoft is that comparable points have been seen with a Docker Desktop set up. See Home windows defender detects a trojan upon set up of 4.17.1 (false constructive) · Problem #13335 · docker/for-win · GitHub. It was resolved for a lot of of those customers by working updates after which rebooting. They’re wanting on the Docker case and hopefully the SketchUp case being comparable will get further eyes on it. Keep tuned. We’re a minimum of in discussions with Microsoft Safety now.
2 Likes
All malware detectors work by scanning a file for a “signature” sample or patterns of bytes that the authors consider is ample to uniquely determine a specific malware. There may be an ongoing battle between malware authors creating ever extra subtle methods to hide their strategies to interrupt in and safety coders constructing signatures to catch the most recent exploits. However it’s basically inconceivable for the safety of us to make certain they’ve discovered a signature that gained’t set off on some harmless code. There is just too a lot code on the market to check all of it for false positives. I believe that the Microsoft of us are in a scenario of “oh ■■■■, that one is flawed! Now what else would work in opposition to what it was meant to catch?”
That SketchUp was the harmless sufferer says nothing about SketchUp.
2 Likes
So as to present Microsoft the knowledge that’s wanted to resolve this false constructive, we want a case from a person that they might confer with when investigating. In case you really feel snug sufficient, you’ll be able to message me immediately with that data by clicking on my avatar. What we want is alert URL that may be discovered by going to the “Safety.microsoft.com ” portal which is proven in an hooked up picture.