Atlas Informatik signs all its produced software (*.exe) with a Digital Certificate
Windows will warn you every time you install a program. After we released a new update of our applications, Windows 10 and up has the habit to say "This program is not commonly downloaded and could harm your device". This just means "We as Microsoft have no feedback whether it is safe up to now". This warning should not appear anymore after several people installed it but from our experience it still happens after years.
Currently, we still have False Positives from Microsoft Defender all the time, even though we have been sending our software to Microsoft for analysis before quite some time. What's more, some products of other companies were also regularly reported as false positive, for example the Tor browser [see here] and even some of Microsoft itself [see here].
If you want to make sure that the file was not attacked by a virus, you can look at the file's fingerprint. To do this, right-click on the Atlas Subtitler Setup.exe, select Properties, switch to the Digital Signatures tab, select Andres Rohr, click on the Details button and see if there is a certificate from Andres Rohr. If so, you can also press the Show certificate button, switch to the Details tab, scroll down the list, and compare the fingerprint. There should be one of these:
- starting from the year 2021: bc 9f 5b 78 17 98 bb a0 ec b2 34 d8 fe 4c 01 48 45 5a b5 bb
- starting from the year 2018: c9 5b 73 1e 9c 60 e4 06 b3 83 59 f9 b3 d7 12 a2 ab 62 98 68
- until the year 2018: 8b 02 af 1f ae 60 af a2 51 a1 6a eb c7 28 a7 30 89 b9 dd ae
If one of these matches, you can be absolutely certain that the Exe is in its original state and therefor safe. This is due to the fact that digital certificates are only issued after a very complex procedure involving the submission of personal documents (Picture, passport, proof of residence, proof of telephone number). In other words, the manufacturer of a digitally certified software is fully known and can be held responsible in case of a criminal act.
A second option you have is to scan the Exe with the VirusTotal online virus scanner. This delegates the scanning to about 70 different virus scanner products. If there are still a few red messages, you can read the chapter "False alarms" below. If you find both a digital certificate and only a few such messages, you can be 100% sure that it is virus-free.
After you did your checks you can right click the download and select "Run anyway". A box will appear that says "Windows protected your PC". Click on the link "More info" and press the button "Run anyway". If the installed app doesn't appear after the installation, please read below in the chapter "If blocked...".
There are antivirus software or server settings that completely prevent the downloading and / or installation of exe files. For this case, there is always a 7-Zip archive (same name ending in .7z) with the exe inside each exe. To unpack that you have to first install the free program 7-Zip. This is an open source community solution and therefore safe. Since it can also process zip and rar by the way, in our opinion it's the best compression tool currently available.
False alarms in antivirus programs
If an Atlas program is still new, it may be reported as infected by a few antivirus programs. You should always be aware that virus scanners work with heuristics. Because this is a kind of guessing False Positives may occur. At the moment we have just such single false positive cases, e.g. one with Microsoft Defender when it scans our product Mighty Desktop (more about that here). After some time, these false positives are usually removed by the virus scanner companies and they all report our products as virus-free.
If you get a virus warning from an antivirus program installed on your local computer, it helps to update its virus definitions or otherwise update the program.
If you still get false alarms, you should know the following: Atlas Informatik applications are generally post-processed and protected by so-called Obfuscation. This prevents third parties from easily decompiling the application. This actively prevents theft by copying and also the manipulation of our work intensively produced programs. Additionally, it also protects the installed application from virus attack and the data entered in the application from being read out. Unfortunately, malicious programs also use obfuscation to avoid detection. Some antivirus programs are now a bit all too reluctant and simply issue an alert in advance when they detect obfuscation. This is of course not the right way, because honest programs that are obfuscated are made to look bad. Therefore it is important for you as a consumer to be able to judge such alarms correctly.
Known False Positives so far are:
- Win32/ClipBanker: In Mighty Desktop probably because of the system calls that the Clipboard Recorder uses
- HEUR/AGEN.Nnnnnn: "HEUR" means heuristic, which means it's only a guess, based on the detected obfuscation
- PACKED-FQV!Nnnnnn: probably appears because Atlas software is compressed resp. packed, a part of the Obfuscation process
- PWS:MSIL/CryptInjector!MTB: Also a complicated way to say that Obfuscation was detected.
- Trojan.Generic@AI.88 (RDML:OYxDWEVgyjLkz…): Seen from "Rising Free Antivirus", a Chinese company from Beijing, where neither the company nor a secure https website can be found. Be always careful with free antivirus programs, they get full access to your system and data. From our experience a lot of work has to be put into cultivating and updating virus signatures daily. It's not profitable for any company on this planet to produce an antivirus program free of costs that is providing this service.
It is also always interesting for us software vendors that antivirus labs do not bother to explain on their websites what is actually meant by the issue. What's worse, unsubstantiated allegations like "This software steals passwords" or similar are displayed. This way the customer has a hard time to decide whether he can safely use the software and honest software producers are discredited as crimnals. Not nice and also damaging to our business. At some point we might hand over this case to a lawyer. Funnily enough, it sometimes happens to Microsoft with their own products as well, see here.
If you want to be on the safe side, you can scan the Setup.exe with the online virus scanner VirusTotal. This scans with approx. 70 different virus scanner products. If the Altas software has not been infected by a virus, only a handful of messages will appear, all stating that our software is obfuscated and compressed. Unfortunately, there are no links to explanations of the abbreviations. If you take a closer look, it shows that their automatic reverse-engineering has failed. And that's a good thing, because this is exactly what protects our intellectual property from being easily analyzed and copied by hackers.
For a detailed discussion about all this we can recommend this video of the author Britec09.
If blocked by the current antivirus program, eg Microsoft Defender, Windows Defender and so on.
In order to run our Atlas software you sometimes need to add it to the so-called white list (resp. "Ok list", "Exclusion list") of the antivirus program. Otherwise, it may simply not start. Bad antivirus programs do not even display any information in this case. If you use Windows Defender (or Microsoft Defender) as your antivirus program, you can add our app as an exception to the list as follows:
- Make sure that the setup has completely finished (push the "Close" button at the end).
- Type "Virus & Threat Protection" in the search box at the bottom left corner
- Click the blue link "Protection History", or in older Windows "Threat History"
- If there is a blue link "Allowed threats" click it
- If there is a blue link "View full history" link
- Now there should be an entry "Threat blocked" or similar and we can see that the app has been falsely classified as a virus, trojan or unwanted app.
- Click the down arrow on the right side. A new "Action" dropdown appears.
- Click on the "Actions" or "Severe" button and select "Allow". In the following "User Account Control" window, click "Yes".
- Start now the Atlas application (not the setup). It should start normally. Please be patient, at first time it can take some time.
Another option is to add our app as an exclusion to the exclusion list:
- Right click on the shortcut to our app and open the properties.
- Copy the content of the "Target:" box to the clipboard
- Type "Virus & Threat Protection" in the search box at the bottom left corner
- Click on the blue link "Manage settings"
- In the "Exclusions" section, click Add or remove exclusions. Confirm the following box.
- Click on "+ Add exclusion", then "Process"
- Paste the clipboard content into the box and click Add.
One more option you have is to install a third party antivirus program. There are some that have better detection rates than Microsoft Defender and are also free of charge. We used Avast and Avira for years and are very happy with them.