Windows Defender prevent running Electrum 3.0.4

[kostepanych2]

I downloaded Electrum 3.0.4 from official site (https://electrum.org/#download) and Windows Defender prevent running it:

Code:

Windows protected your PC
Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.

App: 
electrum-3.0.4-setup.exe 
Publisher:  
Unknown publisher 

There is no such thing with version 3.0.3.

So why Windows Defender don't like 3.0.4 (and without any question accept 3.0.3)?
Is 3.0.4 safe to use?

[1715535392]

1715535392

[1715535392]

1715535392

[1715535392]

1715535392

[1715535392]

1715535392

[hatshepsut93]

Did you verify the signature? There are some threads here where people too thought that they've downloaded from official site, only to turn out later that it was from malicious fake sites from google ads.

I've checked it with Windows Defender and Malwarebytes, and it's clean.

Also dropped it on Virustotal - https://www.virustotal.com/#/file/0489e1df2d71da170f83aefdbf31f69378cff03648b776a588fd504046c5b2ee/detection

It might be a false positive in your case (if this is really an original version), windows defender was previously triggering on Electrum and other verified cryptocurrency programs like Geth. Just make sure to verify the signature first.

[kostepanych2]

Just make sure to verify the signature first.

Is there any tutorial how to check signature in Windows 10?

[TryNinja]

Is there any tutorial how to check signature in Windows 10?

Here it is: https://steemit.com/bitcoin/@jklepatch/how-to-verify-the-integrity-of-electrum-wallet-executable-on-windows

[crairezx20]

I'm also confuse of using the latest one since they are always detected by AV and i feel not safe of using it since the electrum 3.0 not work in windows 7 because of python never update my electrum wallet from electrum 2.9.3 but password protect.. still didn't experience yet any problem using it just found the news from theymos i read from github that the only affected is those who are using 3.0.3 because of enabled CORS in electrum 3.0.3

Well since the electrum 3.0 to 3.0.2 is fine when using before maybe only the affected wallet is 3.0.3

[kostepanych2]

Is there any tutorial how to check signature in Windows 10?

Here it is: https://steemit.com/bitcoin/@jklepatch/how-to-verify-the-integrity-of-electrum-wallet-executable-on-windows

Trying to do according this tutorial...

When doing this

Code:

gpg --keyserver pool.sks-keyservers.net --recv-keys 0x2bd5824b7f9470e6

I get an error:

'gpg' is not recognized as an internal or external command,
operable program or batch file.

I searched for gpg.exe in C:\Program Files (x86)\Gpg4win dir, but there is no such file there...

[jerry0]

Did you verify the signature? There are some threads here where people too thought that they've downloaded from official site, only to turn out later that it was from malicious fake sites from google ads.

I've checked it with Windows Defender and Malwarebytes, and it's clean.

Also dropped it on Virustotal - https://www.virustotal.com/#/file/0489e1df2d71da170f83aefdbf31f69378cff03648b776a588fd504046c5b2ee/detection

It might be a false positive in your case (if this is really an original version), windows defender was previously triggering on Electrum and other verified cryptocurrency programs like Geth. Just make sure to verify the signature first.

Can you explain what you mean by verify the signature?  You mean to tell if its legit?


Because if you download electrum from the real electrum website, would that be enough?  That is how i updated electrum back then when it was version 2.x etc.  So if you download from official site, just click on windows installer and download and thats all right?

[kostepanych2]

Did you verify the signature? There are some threads here where people too thought that they've downloaded from official site, only to turn out later that it was from malicious fake sites from google ads.

I've checked it with Windows Defender and Malwarebytes, and it's clean.

Also dropped it on Virustotal - https://www.virustotal.com/#/file/0489e1df2d71da170f83aefdbf31f69378cff03648b776a588fd504046c5b2ee/detection

It might be a false positive in your case (if this is really an original version), windows defender was previously triggering on Electrum and other verified cryptocurrency programs like Geth. Just make sure to verify the signature first.

Can you explain what you mean by verify the signature?  You mean to tell if its legit?


Because if you download electrum from the real electrum website, would that be enough?  That is how i updated electrum back then when it was version 2.x etc.  So if you download from official site, just click on windows installer and download and thats all right?

I think there may be some very rare cases when official site hacked and files (or link) changed by hacker... Or if you have virus it can change javascript in your browser and download from other site... Or something else...

[Darooghe]

How to verify the signature?

[hatshepsut93]

Can you explain what you mean by verify the signature?  You mean to tell if its legit?


Because if you download electrum from the real electrum website, would that be enough?  That is how i updated electrum back then when it was version 2.x etc.  So if you download from official site, just click on windows installer and download and thats all right?

Just downloading from the real website is not enough, the site could have been hacked to distribute hacker's malicious client, you might have a malware on your PC that redirects you to a fake site while it visually looks just like the real one.
To prevent this, developer is creating digital signatures and posts them next to his files. Users have to download both the installation file and corresponding signature, then run a special command (if on Linux) or use a special software if on Windows to verify that installation files were indeed signed with developer's private key. His public key is well known and have been posted on forums and distributed keyservers.

Just make sure to verify the signature first.

Is there any tutorial how to check signature in Windows 10?

I'm using Kleopatra, which came with gpg4win and is very easy to use
https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/

[TryNinja]

How to verify the signature?

Read the previous posts next time. https://steemit.com/bitcoin/@jklepatch/how-to-verify-the-integrity-of-electrum-wallet-executable-on-windows

-snip-

I searched for gpg.exe in C:\Program Files (x86)\Gpg4win dir, but there is no such file there...

Mine can be found inside the C:\Program Files (x86)\GnuPG folder.

[kostepanych2]

Is there any tutorial how to check signature in Windows 10?

Here it is: https://steemit.com/bitcoin/@jklepatch/how-to-verify-the-integrity-of-electrum-wallet-executable-on-windows

Trying to do according this tutorial and in the end get this:

Code:

>"c:\Program Files (x86)\GnuPG\bin\gpg.exe" --verify electrum-3.0.5-setup.exe.asc electrum-3.0.5-setup.exe
gpg: Signature made 01/08/18 03:14:37 Belarus Standard Time
gpg:                using RSA key 2BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
gpg:                 aka "ThomasV <thomasv1@gmx.de>" [unknown]
gpg:                 aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

Is this file ok? What does this warning mean?

[hatshepsut93]

Trying to do according this tutorial and in the end get this:

Code:

>"c:\Program Files (x86)\GnuPG\bin\gpg.exe" --verify electrum-3.0.5-setup.exe.asc electrum-3.0.5-setup.exe
gpg: Signature made 01/08/18 03:14:37 Belarus Standard Time
gpg:                using RSA key 2BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
gpg:                 aka "ThomasV <thomasv1@gmx.de>" [unknown]
gpg:                 aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

Is this file ok? What does this warning mean?

It means you haven't certified developer's public key so your program doesn't trust it yet. Follow the instructions under "Import the Developer Public Key" in the article that I've posted here earlier.

The developer's public key for signing Electrum releases is 2BD5824B7F9470E6, the same that is mentioned in the article and the same that you've already verified the signature for, but you shouldn't immediately trust it - before certifying it, search it on public key servers and maybe some other mentions on the Internet to make sure that you are really adding the key of ThomasV.

[pooya87]

Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.

translation:
Microsoft: "the publisher of the program you are trying to install has not paid us, so we don't recognize them".

it is a Code Signing Certificate that the publishers can purchase and use that to digitally sign their released applications. it costs something as low as $80 if i am not mistaken and doesn't really do anything if you ask me when we have PGP signatures which are more secure.