TC UP 8.6 - False accusation of a Trojan by Microsoft Defender
Hello dear TC UP users.


At the very beginning (if you don't want to read further):

Total Commander Ultima Prime 8.6 (same as all previous versions) is 100% clean, there are no viruses, trojans or other malware that the most popular antivirus: Windows Defender FALSELY accuses us of having.


We have been working on the TC UP for 18 years, and Microsoft, together with its Antivirus program, can make our program disappear.
By the way, it's amazing how the monopoly of one company can finish off interesting projects, only with a false accusation.


You can SAFELY DOWNLOAD AND INSTALL the tcup86.exe file - if in doubt, use another reputable anti-virus program to scan this file, or tools (also, same as Defender, from Microsoft): Microsoft Security Scanner



Long description:

About 2 months after the release of TC UP 8.6 (at the end of February 2023), the Windows Defender Antivirus built into Windows started blocking the tcup86.exe file, FALSELY claiming that the file is a Trojan.

We don't know why it happened.

We don't know why exactly 2 months after release, whether our file has similar heuristics to another program that may actually be a Trojan, whether it has too few downloads and is therefore blocked just in case, or maybe someone notoriously reports our file as a Trojan - we just don't know.

Unfortunately, in addition, some morons (because there is no other way to name them) keep reporting the download link as unsafe in Microsoft Edge browser via Microsoft Defender SmartScreen filter.

So read this idiots making these reports: Defender is the only antivirus I know that blocks the tcup86.exe file, if you don't believe it, check the tcup86.exe file with another reputable Antivirus program, or after installing TC UP, scan the system with the Microsoft Security Scanner, to see if it will find any danger - because I am sure that it will not.

Since you are idiots who believe Defender implicitly, do not take away the possibility of downloading the file from other users.



I wanted to take action to remove this false accusation that had damaged the reputation built up over the 18 years of the project.

I did the following steps, which I spent really a lot of time on:

1. I tried to send a file for scanning and mark tcup86.exe as so-called false positives by the website: filesubmission - unfortunately, this website has a limit of 500 MB, TC UP is almost 850 MB - and this is the main problem for which we cannot remove the lock imposed by Windows Defender from TC UP.

If only on this site there was no limit on the size of the uploaded file, or it was, for example, 1GB, then TC UP would be cleared of the charges on the same day it was marked as dangerous.

2. I tried to contact Microsoft by phone, unfortunately it is not possible in Poland - no one answers the phone, the recorded voice on the hotline insistently redirects to help via chat (I don't know how it is in other countries).

3. So I chatted several times with consultants asking to contact the team responsible for Windows Defender, unfortunately it was unsuccessful - and here I have to note one thing, people working in chat at Microsoft behave as if they were robots, there is no human factor, if something goes beyond their standard procedures - they can't do it.

4. I recompiled the tcup86.exe file without changing anything at all, but as it was compiled on a different day, its MD5 checksum changed - I uploaded this file to the server and for some time, the file was not detected as a Trojan, but after several days Defender started to block the file again, only this time it showed a different threat.

Two exactly the same files, only compiled on different days, are marked as Trojans, but with completely different names.

Below are the links to the files and their MD5 checksums:

tcup86.exe         01a65beb433ab640645dd16640ebcecd - official version, available from the download page
tcup86_v2.exe    a7e5a7b0f5ebccdfd7e451cccd27e77e - version compiled on a different day but with EXACTLY THE SAME content

5. I also asked for help from Softpedia, which hosted the tcup86.exe file and which they scanned and marked as completely clean of all threats, on January 2, 2023, 2 days after the release of version 8.6, unfortunately I did not get help from them, instead, they removed version 8.6 and gave a link to version 8.5 (which I partially understand, of course, they care about their reputation), but to make it funnier, version 8.5 is also blocked by Defender.



Possible solutions:

1. Limiting the size of the installation file to a maximum of 500 MB (so that if a virus or Trojan is detected in the file, it can be sent for checking by filesubmission), which would result in the removal of the largest programs included in TC UP - we do not want to do this, every program included in TC UP is useful - they were carefully selected over the years of developing the project.

2. Maybe one of the TC UP users has contact with Microsoft employees, or would be able to approach the Microsoft headquarters in Warsaw (Poland) (unfortunately, I live too far away to go there in person) or another country and present the problem, asking them to contact me - this could help in removing the blockage.

3. Signing the file with a digital signature, unfortunately, it is a paid option that we cannot afford, and additionally we are not sure that it would help.

4. Users could add the file tcup86.exe during download to the exceptions in Windows Defender, maybe after a while it would help - but we are not sure here either.

5. The most logical move is to create a 2-part installer, so that the size of the installer file is below 500 MB, so that if Defender detects a threat, you can easily submit the file for unblocking.

This would be a bit less convenient for users, but at least it would clear TC UP of any suspicion.

Unfortunately, there are 2 problems with this:

1. The time we need to spend on this, so we are asking you for financial support (we understand that your trust in us may have decreased due to this FALSE accusation from the Defender program, but only thanks to your help, we can clear the project of this charge and release new versions with even better functionality)

2. A dozen or so days ago, 2 computers broke down on me (probably the motherboards were damaged, the TV also broke down - such an accumulation ...), which were used to create TC UP, unfortunately I can't afford to buy a new computer at the moment, and thus I have no way to prepare the next version.

That is why I am asking you kindly, maybe one of the TC UP users has an unnecessary computer and would be able to donate it for the purposes of creating next versions of TC UP, if such a person is found, please contact me via this form

We are waiting for your good advice, if you have any ideas, please write in this topic (in English)

Robert Łajka