Hello,
My work firewall app thinks that C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe is malware.
Can someone give me the reason for this file technically?
I want to submit the info. Or is it something that can be deleted?
Just do not want it to affect installation of guest additions in future.
VBoxWHQLFake.exe
-
- Volunteer
- Posts: 1631
- Joined: 25. May 2010, 23:48
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Assorted Linux, Windows Server 2012, DOS, Windows 10, BIOS/UEFI emulation
Re: VBoxWHQLFake.exe
From the comment at the top of src/VBox/Additions/WINNT/Installer/VBoxWHQLFake.au3:
-Andy.
I have no idea whether it is needed for newer versions of Windows but you should probably get your IT folks to add an exception for it if they are looking at what goes on inside your VMs.; VBoxFakeWHQL - Turns off / on the WHQL for installing unsigned drivers. ; Currently only tested with Win2K / XP!
-Andy.
My crystal ball is currently broken. If you want assistance you are going to have to give me all of the necessary information.
Please don't ask me to do your homework for you, I have more than enough of my own things to do.
Please don't ask me to do your homework for you, I have more than enough of my own things to do.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: VBoxWHQLFake.exe
#1 technical reason is that the AV scanner software is badly written, and generates false positives.jschafer wrote: My work firewall app thinks that C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe is malware.
Can someone give me the reason for this file technically?
Possibly the fact that this VBoxWHQLFake executable seems to be unsigned (and presumably 32bit if it's intended for XP), is part of the reason, assuming your scanner at least automatically exempts executables with trusted signatures.
p.s. VirtualBox is open source: if you want to know what's in any module you can go look at it. If you installed the GAs yourself from official executable then there's no way it can be infected when it was installed.