Zwift install and Windows Defender


(Carl Nolan) #1

Seems the latest install is now also getting blocked by Windows Defender:

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Trojan: Win32/Varpes.J!plock

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aWin32%2fVarpes.J!plock&threatid=2147706743&enterprise=0

ZwiftSetup.exe
File Version 0.0.0.0
Product Version: 1.0.19
Signer: Zwift, LLC
Issuer: Symantec Class 3 Extended Validation Code Signing CA - G2


(Jon Mayfield) #2

Hi Carl, it might be worth doing a full scan on your computer.  ZwiftSetup.exe hasn’t changed in months on our site, and I just grabbed the latest Windows Defender definitions (I’m using Win10) and grabbed it without any warnings or issues.  I also ran a manual scan on the exe and defender found no issues.

What OS are you using?


(Carl Nolan) #3

This is a Windows 10 install with the latest definitions installed.

I only get an error when running this EXE. I have downloaded it a few times just in case but get the same issue.


(Carl Nolan) #4

I have tried on a few machine and it seems it only happens on the one machine, but consistently. I even just copied the EXE from the funny machine to a different one and it worked fine.


(Carl Nolan) #5

Annoyingly the only machine this is happening on is the one I want to use. I did a full scan and nothing showed, even with the installer file on the machine. I only get the error in the temp files that the installer creates on my machine:

Items:
file:C:\Users\Carl\AppData\Local\Temp\is-T5JFP.tmp\ZwiftSetup.tmp

Is there a ZIP version of the installer I can run with the files already expanded?


(Carl Nolan) #6

Oddly some folks have had the this this with other files: https://forum.sublimetext.com/t/virus-trojan-detected-in-build-3103-x64-installer/17251


(Paul Allen) #7

You could try excluding Zwift.exe from Defender


(Carl Nolan) #8

Unfortunately this does not help as it is not the EXE that is causing the issue it is the extracted files that are placed into the Temp folder.


(Paul Allen) #9

You could turn off Windows Defender and replace it with Malwarebytes.


(Jordan Rock) #10

The Windows Defender on my system is creating issues while it is running, all the files are been detected as malware and are instructed to delete them. Computer Data Recovery will make the users repair the application and restore the deleted files.