AV software blocking Zygor update process


    Hi,

    Parts of the update script are invoking what is being viewed as an exploit by my AV software.

    I've added:

    C:\Users\zzz\AppData\Local\Zygor\Zygor.exe,

    C:\Users\zzz\AppData\Local\zygor-updater\installer.exe, even

    C:\Users\zzz\AppData\Local\zygor-updater\pending\temp-Zygor_Setup_4.2.13.exe

    to exclusion lists, yet the process c:\windows\system32\cscript.exe is specifically being blocked as an exploit.

    Thoughts?

    #2
    It is a false positive. The client does nothing that would be considered harmful and we verify it many times during the year with VirusTotal against over 60 different AV software scanners.
    Become a Fan of Zygor Guides on Facebook:
    http://www.facebook.com/pages/Zygor-...04933799556988

    Follow Zygor Guides on Twitter:
    http://twitter.com/zygorguides



      #3
      I do want to note that some of those directories don't look familiar to me. If your AV is interfering with some standard directories, that could explain it, but I'm not sure where the zygor-updater directory would be coming from, or even the installer.exe, or zygor-updater/pending.

      If you're 100% certain you downloaded the installer from our website, you should be fine, but otherwise, I just want to throw my hat in the ring to make sure you aren't about to whitelist something that actually is dangerous!



        #4
        Hmm... thank you for the response. Maybe I shall uninstall and reinstall. It's an older installation.



          #5
          Uninstalled, clean. Deleted artifacts, cleaned registry, rebooted. Downloaded fresh installer from this site.

          It's creating a C:\users\zzz\appdata\local\zygor-updater directory. Within it is installer.exe, so your comments around uncertainty of the existence of the zygor-updater directory are concerning...

          What is the correct expected path?
          Last edited by xbarbarian; August 26, 2019, 12:58 PM. Reason: added comment



            #6
            He probably just forgot about that folder. It's normal and I have it as well.


              #7
              I apologize, I was unaware that the installer actually does create those directories. I'd expect them to be cleaned up, but I do in fact have the same directories on my machine as well. Sorry if I raised any unnecessary concern.

              So I'm assuming then that your AV is still blocking your install? Which AV do you use? We might have to reach out to them to correct the false positive.

              In the meantime, I don't know if I would feel comfortable telling you to whitelist cscript.exe. If you do, be sure to remove the whitelist once you get the install to go through.



                #8
                No worries, thank you folks.

                I use Malwarebytes. I have reached out to their support, providing logs and such.

                Thank you for the prompt responses.