Xecrets and Antivirus

Antivirus and Xecrets

You may experience problems running Xecrets due to blocking actions taken by various antivirus software such as Apple Gatekeeper, Microsoft Defender SmartScreen, Bitdefender, ESET NOD32, Malwarebytes, Sophos, F-Secure, Trend Micro, Kaspersky [Blacklisted by US Government], Norton, McAfee, Avast, AVG et al. We do not endorse or otherwise promote any of these products or technologies; they are listed here only for reference.

A word of caution - all the tips and suggestions on this page assume that you have downloaded our software from this site, https://www.axantum.com/, and that you actually trust us. If you got the software from some other source, even a friend sending it to you, don't run it; instead go to our download page and get it from here.

Please read on for background information, motivations, and various strategies and solutions to possible problems.

Unfortunately, there is a need to protect users against themselves, as the Internet has turned into a very dangerous place with identity theft, phishing scams, ransomware, credential stealers etc. being commonplace.

All this essentially stems from the ability to install and run software on your device, because you can't just trust anything, even if it sounds great. Also, inventive criminals have found countless ways to use bugs and features to trick you into downloading and running software without even being aware of it.

At first, there was antivirus software to counteract this. These companies collected "signatures" of known bad software (i.e. malware), and would block the downloading, installation and running of software if it matched a known signature. It then turned into, and still is, an arms race between the bad guys who want to steal your money, and the "good guys" who want to take your money in order to protect you from the bad guys.

After signature-based antivirus software, we've seen all kinds of both operating system built-in functionality and third party solutions. This is all still evolving, and for instance Apple and Microsoft have taken slightly different decisions.

The problem

The problem is that both built-in measures and third party solutions, in this arms race, have gone from blocking "known bad" software to blocking or warning about "not known good" software in various ways.

So how does a software get to be "known good"? Therein lies the rub.

With Apple you can enroll in the Apple Developer Program at a cost, and then supply your software via the Apple App Store. However, this is a pretty complicated, time-consuming process, and it does not fit at all well in a world with frequent releases and cross-platform software. You can go half way and digitally sign your software, which will help a bit, but then you need to set up a build system on a computer with macOS, because their software only works on macOS. There's even yet another step with Apple called notarization, further complicating the process.

With Microsoft you can purchase a digital certificate at a significant yearly cost and digitally sign your software. Supposedly this would give the software the right to run, but alas no. Microsoft will not honor a digital signature, and still blocks and/or warns about it unless it's "commonly downloaded", whatever that means.

With third party software, such as Norton, McAfee etc., it's even less clear. They all have their own proprietary and essentially secret criteria for blocking software from running, or blocking some of its operations such as Internet access or even file access in some cases. There is no documented way to actually get them to trust a piece of software; it's all based on "reputation" - which is a loose term that typically boils down to "the software has been seen a lot, and there have been few complaints". The definitions of "seen", "a lot" and "few" are not publicly known.

Windows Microsoft Defender SmartScreen

SmartScreen is the Windows built-in antivirus software, and it will probably warn you about our software, like this:

Initial SmartScreen prompt.

If this happens, click the "More info" link, and you'll get another option - "Run anyway". As long as you're sure about the software and trust the source, click the button to run the software.

The SmartScreen prompt with the Run anyway option.

If you don't get a "Run anyway" option on Windows 10, you may need to search for "App & browser control" in the Start menu, then under "Check apps and files" select "Warn" instead of "Block".

Windows Explorer Unblock

Still having problems with SmartScreen or third party antivirus? You may need to "unblock" the executable. Right-click the executable, and select "Properties":

The Windows right-click menu.

Then, in the properties display, check the "unblock" option for the file.

The Windows properties display with the unblock option.
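
The same unblock step from PowerShell, preceded by the checks the word of caution at the top of this page calls for. This is an added example, not code from Axantum; the file path is a hypothetical placeholder, and it assumes the executable is Authenticode-signed and that the download was served from the www.axantum.com host.

```powershell
# Added example, not vendor code. $Path is a hypothetical location; change it
# to the file you actually downloaded.
$Path = Join-Path $env:USERPROFILE 'Downloads\downloaded-app.exe'

# 1. Show the mark that the "Unblock" checkbox removes. Windows stores it in an
#    NTFS alternate data stream named Zone.Identifier attached to the file.
$motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
if (-not $motw) {
    Write-Host 'No Zone.Identifier stream: the file is not marked as downloaded.'
    return
}
$motw   # ZoneId=3 is the Internet zone; HostUrl, when present, is the download URL

# 2. Stop if the recorded origin is not the site named on this page.
#    Assumption: the download is served from www.axantum.com itself.
#    HostUrl is advisory only; browsers do not always write it.
$hostUrl = ($motw | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''
if ($hostUrl -and $hostUrl -notlike 'https://www.axantum.com/*') {
    throw "Downloaded from '$hostUrl', not https://www.axantum.com/. Not unblocking."
}

# 3. Check that the Authenticode signature is intact and review who signed it.
#    Assumption: the file is signed. Compare the subject with the publisher you
#    expect before going on.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
$sig | Format-List Status, StatusMessage
$sig.SignerCertificate | Format-List Subject, Issuer, NotAfter, Thumbprint
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'. Not unblocking."
}

# 4. Remove the mark. Same effect as ticking "Unblock" in the Properties dialog.
Unblock-File -LiteralPath $Path
```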

Apple macOS Gatekeeper

After unpacking Xecrets on a macOS system and running it, you will probably get a warning... This solution applies to both Xecrets Ez and Xecrets Cli.

The macOS blocking gatekeeper popup.

To disable Gatekeeper for this executable, Option-click the app icon, then choose Open from the shortcut menu. Click Open. (This also applies to the command line tool; you can unblock it by opening it once from Finder as explained here.)

The macOS context menu with option pressed.

When you click "Open" with the "Option" key depressed, Gatekeeper now gives you the possibility to open the application anyway.

The macOS Gatekeeper popup with the possibility to run.

Reporting False Positives

In order to reduce future problems with the various antivirus vendors, it's important that you as a user tell the vendor that you in fact believe the software to be safe, despite the warning given. This is called reporting a "false positive", and if enough people report this, the vendor will eventually whitelist the software.

To facilitate reporting false positives, here are links to some vendors' web sites or instructions for this.

For the following we could not easily identify how to report false positives. You might want to take this into account when you evaluate your choice of antivirus vendor. We strongly believe that at an absolute minimum, a vendor must have an easily found channel where false positives can be reported. It has happened that vendors have flagged major operating system components as malware and blocked them...