I recently downloaded a program, Wireless Network Watcher, from NirSoft. When I tested the program for malware, VitusTotal, 8 security vendors identified malware. However, I understand from other sites that the software is safe. Has anyone else experienced this? If so did you install the program or not? I would like to believe VirusTotal is reporting false positives but... As always I would appreciate all replies and would thank you in advance. John
I've been using Wireless Network Watcher for ages. It's definitely safe to use and I couldn't care less what VT says.
In short and in general: There are programs that could be used for good intensions and could be used for bad intensions. Some AV's flag those programs as "potential unsafe" (or some other wording like that). It is the user who has to decide here. I know that this is a bit short on the topic (generally speaking) but it gives an idea (I hope).
I just download and scanned it. I clicked Reanalyze file, so that it would be scanned again and it's now detected by 7 scanners. However, when scanning files at VirusTotal, it's important to take note of what a file is classified as. Two antiviruses correctly detected as being potentially unwanted (a PUP), or riskware. Both of these detections indicate that it's not malware. That leaves five antiviruses that detect it as being malicious. However, they are all heuristic detections. Antiviruses use heuristics to analyse a file and look for potentially suspicious behaviours. This can lead to false positives, as there are behaviours that can be used by both legitimate software and malware. A heuristic detection does not mean that a file is definitely malicious, it just means that it's a possibility. Of course in this case, as others have explained this isn't malicious. VirusTotal says that the file was first scanned two days. It's quite possible that in the next few days the detection rate will drop as antivirus vendors fix the false positives and no longer wrongly detect it.
nirsoft ever was defeated by some antivirus tools - because its coded very close to system functions and its usage can also be abused (ns tools are able to got run with invisible window). such false positives exist since decades for nirsoft.
Nirsoft tools contain vulnerabilities that can be abused by malware and they refuse to fix them, so while I use them, I do not trust them, I take it as running a crack, while usefull, not really safe. https://borncity.com/win/2020/04/16/dll-hijacking-vulnerabilities-in-nirsoft-tools/ Nirsoft tools are portable, only a few require you to install a driver.