Page 1 of 1
VBoxWHQLFake.exe
Posted: 1. Jul 2019, 15:18
by jschafer
Hello,
My work firewall app thinks that C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe is malware.
Can someone give me the reason for this file technically?
I want to submit the info. Or is it something that can be deleted?
Just do not want it to affect installation of guest additions in future.
Re: VBoxWHQLFake.exe
Posted: 1. Jul 2019, 15:50
by andyp73
From the comment at the top of
src/VBox/Additions/WINNT/Installer/VBoxWHQLFake.au3:
; VBoxFakeWHQL - Turns off / on the WHQL for installing unsigned drivers.
; Currently only tested with Win2K / XP!
I have no idea whether it is needed for newer versions of Windows but you should probably get your IT folks to add an exception for it if they are looking at what goes on inside your VMs.
-Andy.
Re: VBoxWHQLFake.exe
Posted: 1. Jul 2019, 18:37
by mpack
jschafer wrote:
My work firewall app thinks that C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe is malware.
Can someone give me the reason for this file technically?
#1 technical reason is that the AV scanner software is badly written, and generates false positives.
Possibly the fact that this
VBoxWHQLFake executable seems to be unsigned (and presumably 32bit if it's intended for XP), is part of the reason, assuming your scanner at least automatically exempts executables with trusted signatures.
p.s. VirtualBox is open source: if you want to know what's in any module you can go look at it. If you installed the GAs yourself from official executable then there's no way it can be infected when it was installed.