VBoxWHQLFake.exe

Discussions about using Windows guests in VirtualBox.
jschafer
Posts: 2
Joined: 16. Jan 2009, 18:38

VBoxWHQLFake.exe

Post by jschafer »

Hello,

My work firewall app thinks that C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe is malware.

Can someone give me the reason for this file technically?
I want to submit the info. Or is it something that can be deleted?
Just do not want it to affect installation of guest additions in future.
andyp73
Volunteer
Posts: 1631
Joined: 25. May 2010, 23:48
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Assorted Linux, Windows Server 2012, DOS, Windows 10, BIOS/UEFI emulation

Re: VBoxWHQLFake.exe

Post by andyp73 »

From the comment at the top of src/VBox/Additions/WINNT/Installer/VBoxWHQLFake.au3:
; VBoxFakeWHQL - Turns off / on the WHQL for installing unsigned drivers.
; Currently only tested with Win2K / XP!
I have no idea whether it is needed for newer versions of Windows, but you should probably get your IT folks to add an exception for it if they are looking at what goes on inside your VMs.

-Andy.
My crystal ball is currently broken. If you want assistance you are going to have to give me all of the necessary information.
Please don't ask me to do your homework for you, I have more than enough of my own things to do.
mpack
Site Moderator
Posts: 39134
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: VBoxWHQLFake.exe

Post by mpack »

jschafer wrote: My work firewall app thinks that C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe is malware.

Can someone give me the reason for this file technically?
#1 technical reason is that the AV scanner software is badly written, and generates false positives.

Possibly the fact that this VBoxWHQLFake executable seems to be unsigned (and presumably 32-bit if it's intended for XP) is part of the reason, assuming your scanner at least automatically exempts executables with trusted signatures.

P.S. VirtualBox is open source: if you want to know what's in any module you can go look at it. If you installed the GAs yourself from the official executable then there's no way it can be infected when it was installed.
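
The two properties mentioned in the reply above (unsigned, presumably 32-bit) can be checked from inside the Windows guest before submitting a false-positive report. The PowerShell below is an added example, not part of the thread or of VirtualBox; the path is the one quoted in the question, and `Get-PeMachine` is a hypothetical helper written for this example.

```powershell
# Added example: collect the facts an AV vendor or IT team will ask for.
# Path as quoted in the thread; adjust if the Guest Additions live elsewhere.
$Path = 'C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe'

# Hypothetical helper: read the Machine field of the PE/COFF header.
function Get-PeMachine {
    param([Parameter(Mandatory)][string]$LiteralPath)
    $fs = [System.IO.File]::OpenRead($LiteralPath)
    try {
        if ($fs.Length -lt 0x40) { return 'too short to be a PE file' }
        $br = New-Object System.IO.BinaryReader($fs)
        if ($br.ReadUInt16() -ne 0x5A4D) { return 'not a PE file (no MZ header)' }
        $fs.Position = 0x3C                      # e_lfanew: offset of the PE header
        $peOffset = $br.ReadUInt32()
        if ($peOffset + 6 -gt $fs.Length) { return 'truncated PE header' }
        $fs.Position = $peOffset
        if ($br.ReadUInt32() -ne 0x00004550) { return 'not a PE file (no PE signature)' }
        switch ($br.ReadUInt16()) {              # IMAGE_FILE_HEADER.Machine
            0x014C  { 'x86 (32-bit)' }
            0x8664  { 'x64 (64-bit)' }
            0xAA64  { 'ARM64' }
            default { 'other (0x{0:X4})' -f $_ }
        }
    } finally {
        $fs.Dispose()
    }
}

$sig  = Get-AuthenticodeSignature -LiteralPath $Path
$hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

[pscustomobject]@{
    Path            = $Path
    SignatureStatus = $sig.Status                    # e.g. NotSigned, Valid, HashMismatch
    Signer          = $sig.SignerCertificate.Subject # empty when the file is unsigned
    Machine         = Get-PeMachine -LiteralPath $Path
    SHA256          = $hash.Hash
} | Format-List
```

Comparing the SHA256 value with the same file taken from a freshly downloaded official Guest Additions image shows whether the flagged copy is the one that was shipped.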