I’m installing pirated Adobe software, and Windows Defender says it detected a malicious program, name is in the post title. Is it a false positive, or is it actually harmful?
Pop the same file through VirusTotal and see what comes back. Defender will sometimes flag shit just because it performs activity that MS doesn’t like.
That’s not precisely a false positive because they’re not telling you it’s infected with anything.
What they’re saying is just “hey, this is a crack”, which you already knew. As for why they do that:
- Many of these AV solutions are meant to be used in a business environment, where a crack would be unwanted software. (I mean so would any game, but you definitely want to know if someone is dumb enough to be downloading and installing cracked games on a computer meant for business, which puts the company at risk.)
- A lot of cracks - even legitimate ones - do stuff that causes malware algorithms to ping on it (modifying other arbitrary software, or being modified in a way that creates unreachable code and other stuff that a compiler wouldn’t normally produce, say.)
- AV is trained by actual human researchers who investigate files like the above. Most likely when they come across a crack that set off their algorithms they just go “eh, it’s a crack, we’re not going to bother investigating it further” and toss it in that bin because realistically pirates aren’t the ones paying their bills.
So it doesn’t mean the software is unsafe, but it doesn’t necessarily mean it’s safe either, so to speak. It’s “no reading.”
I would recommend putting it through clamtk, but I am not familiar with VirusTotal.
Here is a quick guide on how to use VirusTotal for pirated software: https://rentry.org/Guide4VirusTotal