For several days, Comodo has been blocking access to the Win32 API because it detects malware@0 in the file 25bbf886.dll.
This happens with different versions. It is always the same file.
The file is %user%\AppData\Local\Temp\par-6672616e63\cache-exiftool-12.37\25bbf886.dl
What is this file, and is it a false positive?
Thx
Quote from: franck1530 on December 09, 2021, 03:03:29 AM
What is this file, and is it a false positive?
It's a false positive.
Exiftool is a Perl program, even the Windows "executable" is Perl. The way the Windows executable works is that it uses the Perl PAR::Packer (https://metacpan.org/pod/PAR::Packer) to create a stand-alone executable. The very first time you run the executable, it extracts the Perl program and a minimal Perl interpreter to actually run the program. The offending file is part of that interpreter. Some virus checkers flag this as possibly malicious behavior.
franck1530, you might want to try my "alternate installer". My main motivation was to avoid the silent extraction to %temp%.
The (Inno Setup based) installer sometimes gets false positives at VirusTotal (currently only CrowdStrike Falcon); the ZIP archives get none.
Oliver