[Bug] Bitdefender thinks its dangerous

[calienyal]

What happened?

Bitdefender blocked downloading latest version:-

Online Threat Prevention

We blocked this dangerous page for your protection:
https://objects.githubusercontent.com/github-production-release-asset-2e65be/733694482/4da4a124-8eb5-4baf-bd97-de229a74e052?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241113%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241113T164655Z&X-Amz-Expires=300&X-Amz-Signature=779819c6601dad1fbb7022826710848897c2660f807edd7e0c8603678e399ab8&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DTIDAL-Downloader-NG_windows-x64.zip&response-content-type=application%2Foctet-stream
Threat name: Gen:Variant.Giant.Mikey.95
Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.

Version App

v0.20.1

What operating system are you seeing the problem on?

Windows

Relevant log output

none

Your settings

none

[exislow]

That is a bummer. Thank you for reporting. Do not know what I can do here except to suggest to not use BitDefender.

Here is the VirusTotal scan: https://www.virustotal.com/gui/file/18eaa21ff0fd075914d57517127028a29c58a4fa9639e5176e08cb7c4b388a69

I will extend the README how to disable BitDefender.

[SteadyStatus21]

Hey @exislow, sadly Windows Defender caught on to the program, and now shows the newest release as malware:

I have to whitelist it during this time, but wanted to make you aware that Windows Security / Defender also now detects this.

EDIT:
Windows Security flags as the following:

[exislow]

Windows is miss classifying. See other examples:

• Threat detected by Windows Security: AndroidOS/ZkarletFlash  inconshreveable/ngrok#948
• TypeTreeGenerator detected as a virus SeriousCache/UABE#479 (comment)
• ...

Just don't rely on Microsoft, when it comes to security.

[F1zzyD]

Just don't rely on Microsoft, when it comes to security.

This is terrible advice... I'm sorry, but I don't trust a project that borderline says "trust me bro"......

[psychosys]

All the Antivirus solutions are blocking this now

[psychosys]

I built from source , this time Antivirus is not nagging but still some detect as trojan ( false/positive )
My EXE Size came as 9,641KB

FOR THOSE WHO ARE ACCUSING, I DID INSPECT AND APP IS COMPLETELY SAFE ... SOME PYTHON EXTENSIONS GOT FLAGGED WHICH IS CAUSING THIS PROBLEM, I AM TRYING TO FIND THAT EXTENSION

EDIT :
I was able to find and resolve the problem, PyInstaller got flagged as trojan, this is why it is happening .. to resolve the issue follow these steps

You have Two choices, either run the program through the source by :
poetry run tidal-dl-ng-gui

OR if you want EXE these are my suggestions

1. Upgrade the pyinstaller to the latest version
   pip install --upgrade pyinstaller

create a version_info.txt with following content in program root directory

VSVersionInfo(
  ffi=FixedFileInfo(
    filevers=(0, 20, 3, 0),
    prodvers=(0, 20, 3, 0),
    mask=0x3f,
    flags=0x0,
    OS=0x40004,
    fileType=0x1,
    subtype=0x0,
    date=(0, 0)
    ),
  kids=[
    StringFileInfo(
      [
      StringTable(
        u'040904B0',
        [StringStruct(u'CompanyName', u'Your Company Name'),
        StringStruct(u'FileDescription', u'TIDAL Downloader NG'),
        StringStruct(u'FileVersion', u'0.20.3'),
        StringStruct(u'InternalName', u'tidal-dl-ng'),
        StringStruct(u'LegalCopyright', u'\xa9 2024 Your Name'),
        StringStruct(u'OriginalFilename', u'TIDAL-Downloader-NG.exe'),
        StringStruct(u'ProductName', u'TIDAL Downloader NG'),
        StringStruct(u'ProductVersion', u'0.20.3')])
      ]),
    VarFileInfo([VarStruct(u'Translation', [1033, 1200])])
  ]
)

Create app.manifest

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="0.20.3.0"
    processorArchitecture="*"
    name="TIDALDownloaderNG"
    type="win32"
  />
  <description>TIDAL Downloader NG Application</description>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
      <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
      <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
      <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
    </application>
  </compatibility>
</assembly>

Then build like this :

@echo off
REM Add version information and metadata
poetry run pyinstaller --noconfirm ^
    --windowed --onedir ^
    --name "TIDAL-Downloader-NG" ^
    --icon "tidal_dl_ng/ui/icon.ico" ^
    --version-file "version_info.txt" ^
    --add-binary "pyproject.toml;." ^
    --add-data "tidal_dl_ng/ui/default_album_image.png;tidal_dl_ng/ui" ^
    --collect-submodules "PySide6" ^
    --collect-submodules "tidalapi" ^
    --manifest "app.manifest" ^
    tidal_dl_ng/gui.py

[exislow]

Just don't rely on Microsoft, when it comes to security.

This is terrible advice... I'm sorry, but I don't trust a project that borderline says "trust me bro"......

First of all, this is not what I have said and second, feel free NOT to use this project :-)

@psychosys: Great job. Thank you for your effort. I will try implement this in the build workflow.

[orbittwz]

same here, didn't happen on last version...
did you changed something in the code which triggered heuristics elements?

[orbittwz]

[rh-nl]

To the creator,
When is a solution expected?

I am not going to remove Bitdefender.
Applying the exception rule in Bitdefender does not work either.

Bitdefender keeps throwing the Tidal NG Downloader in quarantine

[exislow]

@rh-nl: As soon, as you propose one. Feel free to get me a pull request. Nobody expects you to remove BitDefender.

@orbittwz: Nothing specific. Check the commit history. Maybe I have overseen something.

[orbittwz]

sorry I don't code with Python so I cannot check anything.
shame, I hope you fix this.
safe programming is fundamental these days.

[psychosys]

sorry I don't code with Python so I cannot check anything. shame, I hope you fix this. safe programming is fundamental these days.

it has nothing to do with developer, the component that makes the EXE files called pyinstaller is causing this false positive issue, the code is clean and safe ... I already implemented the fix which mentioned above, I will make a Pull request, implementing the fix into the existing code so developer can merge it into the current project

[exislow]

sorry I don't code with Python so I cannot check anything. shame, I hope you fix this. safe programming is fundamental these days.

Feel free to not use this app ever again :-)

@psychosys: This sounds awesome. Thank you for your effort in advance.

[ladle3000]

sorry I don't code with Python so I cannot check anything. shame, I hope you fix this. safe programming is fundamental these days.

it has nothing to do with developer, the component that makes the EXE files called pyinstaller is causing this false positive issue, the code is clean and safe ... I already implemented the fix which mentioned above, I will make a Pull request, implementing the fix into the existing code so developer can merge it into the current project

@exislow was @psychosys fix implemented yet? I'm getting the same issue as others just downloading with firefox. I don't know what scanner they use by default. But my pc only has built in windows defender.

Also, is there anyway in the meantime (if not implemented) to check for updates on load? thanks

[orbittwz]

sorry I don't code with Python so I cannot check anything. shame, I hope you fix this. safe programming is fundamental these days.

Feel free to not use this app ever again :-)

I don't think my answer was negative enough to deserve your answer.

[psychosys]

I was not able to create a Pull Request so I write the procedure here :

Adding Watermarking to Executable file to prevent False Positive Detection by Antivirus solutions

Create Two files in source directory with following contents :

version_info.txt

VSVersionInfo(
  ffi=FixedFileInfo(
    filevers=(0, 20, 3, 0),
    prodvers=(0, 20, 3, 0),
    mask=0x3f,
    flags=0x0,
    OS=0x40004,
    fileType=0x1,
    subtype=0x0,
    date=(0, 0)
    ),
  kids=[
    StringFileInfo(
      [
      StringTable(
        u'040904B0',
        [StringStruct(u'Exislow', u'Exislow'),
        StringStruct(u'FileDescription', u'TIDAL Downloader NG'),
        StringStruct(u'FileVersion', u'0.20.3'),
        StringStruct(u'InternalName', u'tidal-dl-ng'),
        StringStruct(u'LegalCopyright', u'\xa9 2024 Exislow'),
        StringStruct(u'OriginalFilename', u'TIDAL-Downloader-NG.exe'),
        StringStruct(u'ProductName', u'TIDAL Downloader NG'),
        StringStruct(u'ProductVersion', u'0.20.3')])
      ]),
    VarFileInfo([VarStruct(u'Translation', [1033, 1200])])
  ]
)

Create app.manifest file

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="0.20.3.0"
    processorArchitecture="*"
    name="TIDALDownloaderNG"
    type="win32"
  />
  <description>TIDAL Downloader NG Application</description>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
      <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
      <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
      <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
    </application>
  </compatibility>
</assembly>

Replace Line 60 to 92 in Makefile with this and Rebuild

.PHONY: gui-windows
gui-windows: ## Build GUI app with PyInstaller
	@poetry run pyinstaller --noconfirm \
		--windowed --onedir \
		--name "$(APP_NAME)" \
		--noupx \
		--manifest "app.manifest" \
		--version-file "version_info.txt" \
		--icon $(path_asset)/icon.ico \
		--add-binary="pyproject.toml:." \
		--add-data="tidal_dl_ng/ui/default_album_image.png:./tidal_dl_ng/ui" \
		tidal_dl_ng/gui.py

.PHONY: gui-linux
gui-linux: ## Build GUI app with PyInstaller
	@poetry run pyinstaller --noconfirm \
		--windowed --onedir \
		--name "$(APP_NAME)" \
		--noupx \
		--manifest "app.manifest" \
		--version-file "version_info.txt" \
		--icon $(path_asset)/icon.png \
		--add-binary="pyproject.toml:." \
		--add-data="tidal_dl_ng/ui/default_album_image.png:./tidal_dl_ng/ui" \
		tidal_dl_ng/gui.py

.PHONY: gui-macos
gui-macos: ## Build GUI app with PyInstaller
	@poetry run pyinstaller --noconfirm \
		--windowed --onedir \
		--name "$(APP_NAME)" \
		--noupx \
		--manifest "app.manifest" \
		--version-file "version_info.txt" \
		--icon $(path_asset)/icon.icns \
		--add-binary="pyproject.toml:." \
		--add-data="tidal_dl_ng/ui/default_album_image.png:./tidal_dl_ng/ui" \
		tidal_dl_ng/gui.py

[Dustman259]

there is some kind of miner in it, 1 hour after i used it, my GPU when 100% just be sitting in windows doing nothing, ESET found TIDAL NG running in memory, after it killed it GPU went to 0%

[exislow]

@Dustman259: This is a hard accusation. Either I recommend you to proof that or stop spreading false accusations.

[psychosys]

there is some kind of miner in it, 1 hour after i used it, my GPU when 100% just be sitting in windows doing nothing, ESET found TIDAL NG running in memory, after it killed it GPU went to 0%

This is an open source project and you can read all the files, there is no such functionality neither in the compiled EXE file or the source code, clear as the day light ... if you used this program you must appreciate and support this man for spending his valuable time to write such a program.

[C-O-D]

I have also noticed that the program does not always exit cleanly, which may be a bug. I have created a small script myself with which I do this manually after each use, also to make sure that the app is not accidentally started twice, which surely can lead to a high CPU usage...

[regorxxx]

I have also noticed that the program does not always exit cleanly, which may be a bug. I have created a small script myself with which I do this manually after each use, also to make sure that the app is not accidentally started twice, which surely can lead to a high CPU usage...

Can reproduce this too.

[ladle3000]

I have also noticed that the program does not always exit cleanly, which may be a bug. I have created a small script myself with which I do this manually after each use, also to make sure that the app is not accidentally started twice, which surely can lead to a high CPU usage...

Can reproduce this too.

I've actually not had this issue on windows 11. Just thought I'd chime in that it is not always the case.

[SteadyStatus21]

I have also noticed that the program does not always exit cleanly, which may be a bug. I have created a small script myself with which I do this manually after each use, also to make sure that the app is not accidentally started twice, which surely can lead to a high CPU usage...

I have noticed this as well, even hours after the program appears to be "closed" it remains as a background task in Windows for me.
This is what I see:

[ladle3000]

Thanks for the screenshot. I can confirm I actually do see the same thing. But like you it doesn't seem to be consuming any resources. So it seems unlikely to me that it would be a miner of any sort.

…

On Monday, December 2nd, 2024 at 4:48 PM, SteadyStatus21 ***@***.***> wrote: > I have also noticed that the program does not always exit cleanly, which may be a bug. I have created a small script myself with which I do this manually after each use, also to make sure that the app is not accidentally started twice, which surely can lead to a high CPU usage... I have noticed this as well, even hours after the program appears to be "closed" it remains as a background task in Windows for me. This is what I see: [image.png (view on web)](https://github.com/user-attachments/assets/53cc0431-1f0e-4592-b421-d67876d228c1) — Reply to this email directly, [view it on GitHub](#231 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AASBWJO6Z7TMTIQIYQTAPTL2DTIT3AVCNFSM6AAAAABRW7AIWKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKMJSHE4TINJSGQ). You are receiving this because you commented.Message ID: ***@***.***>