Author Topic: What to do when Windows Defender flags and Quarantines Rebirth After an update.

mainsil

Since its founding, Rebirth has had bouts of conflict with Windows Defender; most recently, Rebirth Issue 6: Dawn of Genesis has seen a spike of false positives.

You can check the validity of the flag by submitting the file to one or more of these services (there are probably more, but these are the ones I am aware of):

https://virusscan.jotti.org/
https://www.virustotal.com/gui/home/upload
https://analyze.intezer.com/scan
https://www.hybrid-analysis.com/


Depending upon your available time and risk tolerance, there are two ways to fix the false positive:

mainsil

Just got another false positive Defender ping today and submitted rebirth.exe to MS. The sandbox report from Hybrid-Analysis.com (link below) shows 1 malicious indicator. Well above my knowledge level, but I think this may be what keeps triggering Defender.

The input sample contains a known anti-VM trick

details: Found VM detection artifact "CPUID trick" in "sample.bin" (Offset: 5792427)
source: Binary File
relevance: 5/10
ATT&CK ID: T1497 (MITRE ATT&CK technique)

The Falcon Sandbox report is found by clicking the bottom-left green box in the report here:
https://www.hybrid-analysis.com/sample/34013ba43c4ade6b882d162961a9886b296919fad75958a285fd160904140d0d
« Last Edit: August 11, 2023, 11:28:25 am by mainsil »
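An added example, not code from mainsil or the Rebirth project: a PowerShell script that shows what Defender recorded for rebirth.exe, checks a local copy against the SHA-256 of the sample in the Hybrid-Analysis link above, and only on explicit request excludes that one path. It assumes the download location in the param block and that it runs from an elevated prompt.

```powershell
# Added example, not code from the thread or the Rebirth project.
# Confirms a local copy of rebirth.exe is byte-for-byte the sample that was
# analysed, shows what Defender recorded about it, and only then (on request)
# excludes that exact path. Run from an elevated PowerShell prompt.
param(
    # Assumed download location; adjust to wherever your copy lives.
    [string]$Path = "$env:USERPROFILE\Downloads\rebirth.exe",
    # SHA-256 taken from the Hybrid-Analysis sample URL quoted in the thread.
    [string]$ExpectedSha256 = '34013ba43c4ade6b882d162961a9886b296919fad75958a285fd160904140d0d',
    [switch]$AddExclusion
)

# 1. What has Defender already done with files of this name? Each detection's
#    Resources property holds "file:_C:\...\rebirth.exe" style strings.
$detections = Get-MpThreatDetection | Where-Object { $_.Resources -match 'rebirth\.exe' }
foreach ($d in $detections) {
    $threat = Get-MpThreat | Where-Object { $_.ThreatID -eq $d.ThreatID }
    $res = $d.Resources -join ', '
    Write-Host ('{0}  {1}  remediated={2}  {3}' -f $d.InitialDetectionTime, $threat.ThreatName, $d.ActionSuccess, $res)
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Warning "No file at $Path. If Defender quarantined it, restore it from Windows Security > Protection history and re-run."
    return
}

# 2. Hash check. Get-FileHash returns uppercase hex; -ine compares case-insensitively.
$actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
if ($actual -ine $ExpectedSha256) {
    Write-Warning "SHA-256 mismatch: got $actual. This is not the analysed sample; do not exclude it."
    return
}
Write-Host "Hash matches the Hybrid-Analysis sample ($actual)."

# 3. Authenticode status is a second signal: Valid means a publisher signed this exact build.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
Write-Host "Authenticode: $($sig.Status) $($sig.SignerCertificate.Subject)"

# 4. Exclude only this file, only on explicit request, never a whole folder.
if ($AddExclusion) {
    Add-MpPreference -ExclusionPath $Path
    Write-Host "Added Defender exclusion for $Path (undo with Remove-MpPreference -ExclusionPath)."
}
```

Run it without -AddExclusion first; it stops at the hash or file check if the copy on disk is not the sample that was analysed.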