says it has a virus


I uploaded the setup file to to see if there is any virus and it says the file has Trojan.Win32.Save.ExternalUi.

Any explanation will be greatly appreciated. Thank you.

1 Like

Indeed, I can verify this, see screenshot below.
This definitely should not be there.
Let me ask Vijay.
@bvijay: Is this Trojan a false positive?
What’s the story; could you please shed some light on this?

Thanks for reporting this, @isittrue.
I hope to hear from the staff asap.

If you use services like virustotal, then first of all, learn to understand the information.

You see a reaction of 1 out of 43. Does this mean that 42 antiviruses are bad and one is good?
In most cases, this is a false-positive reaction when analyzing the file signature.

Secondly, when in doubt about a particular antivirus:
Сontact support for that antivirus and report a suspected bug.
Only after receiving a response does it make sense to operate on the information received and present it to the creator of the file. Of course, no virus to the creator of the virus, unless you are a hacker.

Third, if possible, study how the file is parsed. Often, heuristic analysis is redundant in terms of the number of detections, and detection is removed after manual verification of files by specialists.
As you can see, heuristics with AI technology is used. AI technology is still young, so it is difficult to predict the answer of a “robot” to the question “Is it a virus?”.

1 Like

@isittrue You are concerned about the reaction of “Sangfor Engine Zero”. Are you using it or planning to use it?
I found only the general feedback form on behalf of the organization. Is there a contact form for sending files for verification, as is the case with popular antiviruses?

1 Like

Thanks, @Dolmatov! :+1:
I ran that .exe-installer months ago; haven’t had any issues at all; I’ve scanned with Malwarebytes ànd BitDefender multiple times in the meanwhile as well, got zero detections, as always…
So my guess would also be, a false positive.

I couldn’t find any further information on “Trojan.Win32.Save.ExternalUi”. To clarify about the UI framework used by the application given that the report says ExternalUi, the application is built with JUCE framework which an OpenGL based UI framework.
As @Dolmatov has pointed out Sangfor Engine Zero is an AI based virus scanner and in several forums there are discussions about false positive detection by this virus scanner.

1 Like