HDHomeRun SW for Windows Download - Virus/Trojan warning?

Help and support for HDHomeRun DVR and HDHomeRun software for Windows 10, Mac, Android, XBox, etc.
Post Reply
OTATVandSDHomeRunFan
Posts: 13
Joined: Sun Feb 11, 2018 11:02 pm

HDHomeRun SW for Windows Download - Virus/Trojan warning?

Post by OTATVandSDHomeRunFan »

This past Wednesday (05/20/20) and again today (05/22/20) I tried downloading the latest HDHomeRun Software Pkg for Windows (Feb? 2020 Pkg) from the Silicon Dust Support Downloads section.

I keep getting a warning from my hardware firewall's Security Software that this .exe package contains a Trojan and the Security Software blocks the download.

Is anyone else having this issue? Or is my security solution generating a false positive?

Thanks!
HDHRFan

NedS
Silicondust
Posts: 1089
Joined: Mon Dec 10, 2018 12:38 pm

Re: HDHomeRun SW for Windows Download - Virus/Trojan warning?

Post by NedS »

It looks like the download links are using http instead of https. Try this link instead:

https://download.silicondust.com/hdhome ... indows.exe

OTATVandSDHomeRunFan
Posts: 13
Joined: Sun Feb 11, 2018 11:02 pm

Re: HDHomeRun SW for Windows Download - Virus/Trojan warning?

Post by OTATVandSDHomeRunFan »

Hi Ned,

Thanks for your reply. The https-based link you listed in your reply works fine.

I also just re-tried the (http-based) link on the Support Download page (http) and that works fine now, too.

However: I seems to me that both your msg link and the current Download-web-page link now resolve to a package for the 20200521 Windows Pkg. I am pretty sure that the downloads I tried earlier (for which I received the trojan warning) resolved to a file from 20200225 (i.e. February).

In checking your downloads page more carefully, I notice that the download package version (and associated links) appear to have changed. More specifically, the link I had trojan warnings on appears to have been pointing to the package now listed as previous "production" software (from 20200225). And, the current links point to what was previously described as the "beta" package (now listed as "production" software from 20200521).

Also, I have never had an issue with a security/trojan alarm based on the protocol used to download the file. While I suppose it is possible that this contributed to the issue, I am highly skeptical that this caused it. I have never seen a transport protocol (used to download a file) cause a false alarm on the target file itself.

In summary, I value and appreciate Silicon Dusts products. I suspect the company realizes how vital it is that the firmware/software for these products (which act as servers on our internal networks) NOT be compromised. If somehow some entity were to succeed in compromising a device like your tuners (or related software), our private networks and the devices operating on them would all be at potentially significant security risks. I sure hope that there is a robust security & continuous validation process in place at Silicon Dust to ensure that firmware & software packages published are not posing security risks for your users.

Having a compromised tuner might explain a lot of issues people otherwise ascribe to their playback (or other) devices.

Thanks again for your help.
HDHRFan

NedS
Silicondust
Posts: 1089
Joined: Mon Dec 10, 2018 12:38 pm

Re: HDHomeRun SW for Windows Download - Virus/Trojan warning?

Post by NedS »

You probably got an older cached version of the page from the CDN that handles our website, and that was the previous link that just changed. There's no virus with any of our downloads. There have been false positives with that past version before, and they're just that, a false positive.

nickk
Silicondust
Posts: 15867
Joined: Tue Jan 13, 2004 9:39 am

Re: HDHomeRun SW for Windows Download - Virus/Trojan warning?

Post by nickk »

Code: Select all

sha256sum.exe hdhomerun_windows_20200225
af29d7b0773e2447170e8697b95c513db82d15ca71b75fa485022a45ea134e44 *hdhomerun_windows_20200225.exe
The file on the server matches the master build and a re-test of the master build passes our security checks.

OTATVandSDHomeRunFan
Posts: 13
Joined: Sun Feb 11, 2018 11:02 pm

Re: HDHomeRun SW for Windows Download - Virus/Trojan warning?

Post by OTATVandSDHomeRunFan »

Ned & Nick,

Thanks for your replies. I appreciate it.

One last strange thing I want to report. I just went to download the latest (20200521) Windows Package from the SilivonDust Downloads page to a 2nd computer (the one I tried to download from yesterday & had the download blocked).

I noticed that the Download link is using http (not https) protocol.

My browser asked me to approve the download of the 98.0 MB file from target: download.silicondust.com/hdhomerun/hdhomerun_windows_20200521.exe

I approved this.

My security package running on this computer then reported 3 downloaded files that were deemed safe, as follows:
1. to the folder I had targeted the download to be placed in: file name "hdhomerun_windows_20200521.exe"
2. 4 seconds after 1. above: to the folder "[RootDirectory]\$Extend\$Deleted": file name "0078000000013C92009102C3"
NOTE: Once I saw this, I checked $Extend\$Delete and no directory structure appears to exist there now. And yes, I made sure to show hidden files and system files.
3. ~1 minute & 8 seconds after 2. above: to my browser's cache directory folder: "hdhomerun_windows_20200521[1].exe"

I have not seen this behavior before. Any idea what might be going on?

I'm wondering if the browser's attempted download from last night (which was blocked by the hardware firewall) might have contributed to this strange behavior?

Finally, any idea what the file "0078000000013C92009102C3" is? Is it legitimate? Is it an artifact from my attempt yesterday to download the 20200225 package?

I can send you some additional screenshots and log info from my computers local firewall (or even the hardware firewall) if useful.

Thanks.

Post Reply