Update 06/04/2021:
Following a report submitted to Microsoft, the incorrect detection has been removed. All’s well that ends well 🙂
Dear users,
I have received several reports of detections by Windows Defender (the antivirus software included with Windows 10) or other antivirus programs, flagging a possible malware of type Zpevdo.B (or similar names) starting from Excel Swiss Knife version 3.4. In these cases, the antivirus proceeds to “sanitize” the file, causing the add-in to become unusable.
Excel Swiss Knife DOES NOT CONTAIN — AND HAS NEVER CONTAINED any kind of malicious code. What these antivirus programs are detecting is a false positive. When the add-in file is submitted to an online scanning service such as VirusTotal, a small number of “suspicious” detections may appear. These are most likely triggered by certain features of the add-in that establish connections to websites (this website itself, or links accessible from the “Online Resources” menu). Such activity can be flagged as potentially dangerous because similar techniques are sometimes used to download malicious software onto a user’s computer.
You can view the scan results for version 21.1 by clicking this link.
How to address the issue:
If you want your antivirus to treat the add-in as trusted, you need to add it to the whitelist. Each antivirus program has its own procedure; here I will describe the one for Windows Defender.
1. Click the Windows Defender shield icon to open the settings, then select “Virus & threat protection”.
2. Click “Manage settings”.
3. Click “Exclusions” → “Add or remove exclusions”.
4. Click “Add an exclusion” → “Folder”, and select the folder where the add-in is located.
At this point, if necessary, extract the archive containing the add-in again into the same folder, which will no longer be scanned by the antivirus software.
I apologize to anyone who may have felt misled or, worse, put at risk by the add-in. As you know, this project is written in VBA, and VBA macros can contain malicious code if the author has such intentions. For this reason, antivirus software is particularly “sensitive” to files that contain macros. In this case, however — and I want to stress this once again — the add-in contains nothing hidden or fraudulent. possono anche contenere codice malevolo, se l’autore ha questo tipo di intenzioni. Per questo motivo gli antivirus sono particolarmente “sensibili” ai file che contengono macro, ma in questo caso il programma – ripeto – non contiene nulla di nascosto o fraudolento.
Thank you for your attention.
The author of the add-in, Enrico Galli
