1.02 still detected as malware

[r-lyeh]

found here:

#10 (comment)

[r-lyeh]

sadly, submitting the file to https://www.microsoft.com/en-us/wdsi/filesubmission did not make any difference,
so I've had to be more imaginative... this binary takes a different approach.
can you test this binary @Hexaae?

Spectral-wip.zip

[Hexaae]

still blocked :(

[r-lyeh]

odd, virustotal has not been triggering Defender nor Chrome threats since 1.02
not sure where the signature heuristics are coming from. maybe the binary is just not digitally signed ($$$) and that is all

[Hexaae]

Yeah, it can be the heuristics AI...
Possibly paranoid because the emu connects online and downloads games automatically.

[r-lyeh]

yeah, 4 kib downloads... so "dangerous" lol must be encrypted viruses!
sadly, it is much "safer" to download a 300 MiB task organizer .exe written in nodejs these days, sigh... /s/

[Hexaae]

wondering how other similar apps do... Maybe you can get some advice from https://stackoverflow.com/ or SuperUser ?

[r-lyeh]

@Korb has found https://SignPath.io which apparently does digital signatures for free on FOSS projects
the only catches are:
a) the validation of any FOSS project is probably subjective and human prone, not automated. not sure whether emulators or Spectral are valid candidates for them, even if the project is 101% FOSS. they seem to support big corps mostly?
b) it requires GitHub to build & sign the binaries so that also implies a more complete CI/CD workflow

[r-lyeh]

that being said, maybe github CI is already "whitelisted" for Defender and such, so maybe their binaries are already valid out of the box?
I'm not sure, so i might give that a try, without the signpath signatures at all

Edit: well, that didnt work either

[r-lyeh]

please check out the Spectral 105-RC beta

[r-lyeh]

fixed since v1.041