Termius - False positive

Hi,
Avast sends the NSIS installer of the app to the virus lab. I’m the developer. Can I do something about it?

OS: Windows 10 Pro
Avast version: 19.8.2393 (build 19.8.4793.544)
You can download an installer from:
https://termius.com/beta-program

Virus lab didn’t find anything.
The app is based on Electron, codesigned.
VirusTotal also didn’t find anything:
https://www.virustotal.com/gui/file/8267608882479f67ef1e4fb0f1b53e15a4084728a2402e7b5503663e188d4cad/detection
Windows Defender is OK with the installer. Also, we publish the app to the Microsoft App Store.

I found some issues with the same topic but there are no answers:
https://github.com/electron-userland/electron-builder/issues/550
https://github.com/electron-userland/electron-builder/issues/3248

Best regards,
Eugene

Hi Eugene, as you’re a developer, read here…

https://support.avast.com/article/229/
https://support.avast.com/article/228/

Hi Eugene73,

Also consider what I stumbled upon on relational IP detections at VT (not from your domain, but still) from that same IP:
https://www.virustotal.com/gui/ip-address/99.84.167.4/relations
https://www.shodan.io/host/99.84.167.4
For your software’s website:

[quote]Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -termius.com to fix it.

Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

-www.google.com nid
-%7b%22identity%22%3a%22d00ff67e-c51d-4bdc-a4b8-2795a81fe23d%22%2c%22identitytype%22%3a%22anon_uuid%22%7d -cdnjs.cloudflare.com sparrow_id
Legend

Tracking IDs could be sent safely if this site was secure.

Tracking IDs do not support secure transmission.

No CSP header & no cache-control header set.

DOM-XSS issues for Results from scanning URL: -https://cdn.termius.com/webflow/avo/main.00b3f5d2d10f1aed869a.js
Number of sources found: 34
Number of sinks found: 15
F-Grade status: https://observatory.mozilla.org/analyze/cdn.termius.com
cdn.termius.com

This all could be a "tad" more secure. Wait for an Avast team member to give the final verdict on the other issue;
that is out of my scope, as my specialism is 3rd party cold recon website security analysis and website error-hunting.

Additionally with inside blockers on in Brave, I get

Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
xmm3khw.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
jquery-3.4.1.min.220afd743d.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
(index):1 Uncaught ReferenceError: WebFont is not defined at (index):1
termius-new.a2410b50b.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
api.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
typed.min.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
sha256.min.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
jquery.min.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
(index):275 Uncaught ReferenceError: $ is not defined at (index):275
cdn.amplitude.com/libs/amplitude-4.4.0-min.gz.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Hello Eugene73.

I sent this in, and the Virus Lab analyzed it and did not find this detection.

File does not seem to be detected by Avast or any other Anti-Virus: https://www.virustotal.com/gui/file/5d0f08488fd9262cf13fca1d014d18dcda779250554bfa408aae98b5f9933d5d/detection

and Avast does not have any detection.

If the user wants, he can join our whitelisting for the future:

You can join our whitelisting program by following these steps:

  1. Fill out the Whitelisting Program Application form: https://www.avast.com/whitelist-program-registration
  2. Wait to receive the FTP credentials to Avast’s FTP server. They will be sent to you after your request to join the Whitelisting Program has been reviewed.
  3. Upload the file(s) via Avast’s FTP server.

The full process is described in this article: https://support.avast.com/en-ww/article/229/

Thanks to everyone for looking into this.
For sure, we’ll improve our website and related resources security.

We are not going to whitelist the Termius Windows installer because this issue is really rare.
We will re-consider it if we face this false-positive detection more frequently.