Installing ColourSpace - AV Software False Virus Positives

 
Author Steve

INF
Male
#1 | Posted: 22 Oct 2021 15:11 
As the Installation Note for ColourSpace states: "ColourSpace is verified by Light Illusion to be virus free", which means we check all builds for any viruses before release.

However, as the Installation Notes also say, False Positives will happen, as ColourSpace is both obfuscated and packed.

As an example of a recent test, installing ColourSpace using the Install for all users option, Malwarebytes (and other AV Software, such as Norton, etc.) showed no virus issues to be found.
But, installing using the Install for me only option caused a False Positive to be flagged...

This shows just how inaccurate AV software can be, and that the warnings generated really are False Positives.
Any False Positives can be ignored, and ColourSpace should be White Listed to prevent future False Positive warnings.
(You may have to add an Exception within the AV program for the download too, to enable installation.)

When the AV Software in use flags a false positive, please inform the AV Software manufacturer of the False Positive, as they can then improve their virus detection accuracy.

www.virustotal.com can be used to see which Anti-Virus systems generate False Positives with ColourSpace.
For any genuine virus, virtually all Anti-Virus suppliers listed will show a positive result.
Results with just a percentage of the Anti-Virus suppliers showing a positive show they are False Positives.

Steve
Steve Shaw
Mob Boss at Light Illusion

Author Steve

INF
Male
#2 | Posted: 23 Oct 2021 09:59 
For additional information, many AV providers also explain that such False Positives can be common with Heuristic type scans.

For example, Malwarebytes states Heuristic Scanning should not be used, unless you think you have been infected, as it will potentially generate a lot of False Positives.

"The Malware.Heuristic.100X detection names come from a new aggressive heuristic which detects malformations in PE headers which are typically found in malware and viruses. If a file or application is detected as Malware.Heuristic.100X it does not necessarily mean that the file is malicious. It simply means that its PE structure is similar to that of malware and viruses.

This setting, which can be found under ["Settings > Security > Expert systems algorithms"], is OFF BY DEFAULT.

You should only enable this aggressive heuristic if you suspect your computer has a malware infection which is not detected regularly by Malwarebytes, and want to run a more paranoid scan.

If you have enabled this aggressive heuristic on purpose or by accident, and Malwarebytes detects some of your legitimate files or applications as Malware.Heuristic.100X, you should either:

  • Disable the Expert Systems Algorithms setting
  • Add your detected files to the Malwarebytes exclusions ["Settings > Allow List"]"


See also: Explained: False positives

Steve
Steve Shaw
Mob Boss at Light Illusion

Author Steve

INF
Male
#3 | Posted: 10 Jul 2024 16:23 
It also seems Microsoft Defender/Windows Security is now flagging up Heuristics based false positives.
It may be necessary to add an Exception for the folder ColourSpace is installed in, and/or the ColourSpace.exe file.

See: https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-47e4-c301afe13b26

We have sent multiple examples of ColourSpace to Microsoft, but any anti-virus program using Heuristics is nearly always going to flag false positives.

Here is a short discussion on Windows Security.

Steve
Steve Shaw
Mob Boss at Light Illusion

Author Steve

INF
Male
#4 | Posted: 30 Dec 2024 12:58 
To add to this thread, here are some common False Positives:

  • Wacatac.B!ml
  • Puwaders.C!ml
  • Caypnamer.A!ml
  • Softcnapp

Often preceded by the term PUA, which stands for 'Potentially Unwanted Program' and is a catch-all for when poor anti-virus doesn't understand what it has scanned, although the term Trojan is also often used.

The included ColourSpace-Installation.pdf document within the download has further information.

Steve
Steve Shaw
Mob Boss at Light Illusion

Author Steve

INF
Male
#5 | Posted: 31 Dec 2024 12:30 
For Microsoft Defender, please submit ColourSpace to Microsoft stating the False Positive encountered.

https://www.microsoft.com/en-us/wdsi/filesubmission
And select Home User

For the question 'What do you believe this file is?'
Click either 'Incorrectly detected as malware/malicious' or 'Incorrectly detected as PUA (potentially unwanted application)' depending on the False Positive you have encountered.
And add information on the False Positive file name encountered.

For alternative AV software see: https://docs.virustotal.com/docs/false-positive-contacts

Steve
Steve Shaw
Mob Boss at Light Illusion

Author Brho0m13
ZRO
Male
#6 | Posted: 26 Jan 2025 22:06 
I was going to open a new topic about this, but I found this. I don't know why Windows is telling me that colorspace has a trojan virus.

With the latest update, the problem is that it removes the shortcut to open the application on the desktop, and I have to install the program again.

It works, but after a while it comes back saying there is a virus and removes the desktop shortcut for colorspace.

Are there any recommendations to avoid the problem, or can an update be released to prevent the message from appearing again while retaining the new features?

Author Steve

INF
Male
#7 | Posted: 27 Jan 2025 10:56 
See the information in this thread!
Whitelist ColourSpace.

It may be necessary to Whitelist both the download folder, as well as the actual installed .exe.
For example:

[Image: Whitelist]

The File location is where ColourSpace is installed.
The Folder location is where ColourSpace is downloaded to.
This is all you need, but obviously with your correct directory locations.

Steve
Steve Shaw
Mob Boss at Light Illusion

Author dlinsley
ZRO
#8 | Posted: 1 Feb 2025 02:25 
I've also hit this with 2069 and 2075. I've submitted for analysis.

Author janos666
ZRO
Male
#9 | Posted: 6 Mar 2025 15:44 
Yeah, Windows Defender decided to kill the colourspace.exe process and delete the exe file yesterday on my Win11 24H2 laptop. Whitelisting the exe both as a process and a file seems to be enough.
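
The file, folder and process exclusions described in posts #7 and #9, shown for Microsoft Defender as an added example that is not part of the original thread. Both paths are placeholders to replace with your own locations, and the commands assume an elevated PowerShell prompt on a machine where Defender is the active AV.

```powershell
# Added example. The two paths are placeholders, not values from the thread.
$exe      = 'C:\Path\To\ColourSpace\ColourSpace.exe'   # placeholder: installed .exe
$download = 'C:\Path\To\Downloads\ColourSpace'         # placeholder: download folder

# Record exactly what is being excluded so the exclusion can be reviewed later.
# The signature status is reported as-is; the thread does not say whether
# the build is signed.
$hash = Get-FileHash -Path $exe -Algorithm SHA256
$sig  = Get-AuthenticodeSignature -FilePath $exe
'{0}  SHA256={1}  Signature={2}' -f $exe, $hash.Hash, $sig.Status

# List the Defender detections that touched this file, to quote the
# detection details when submitting a false-positive report.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($exe) } |
    Select-Object InitialDetectionTime, ThreatID, Resources

# File and folder exclusions (post #7): the installed .exe and the
# folder the installer is downloaded to.
Add-MpPreference -ExclusionPath $exe, $download

# Process exclusion (post #9): stops Defender from terminating the
# running ColourSpace.exe process.
Add-MpPreference -ExclusionProcess $exe

# Confirm what is now excluded. Keep this list short and specific;
# an exclusion applies to anything placed at that path, not only ColourSpace.
Get-MpPreference | Select-Object ExclusionPath, ExclusionProcess

# To undo later, use Remove-MpPreference with the same parameters, e.g.
#   Remove-MpPreference -ExclusionPath $download
```

The download folder exclusion is only needed while installing, so it can be removed again once the installer has run.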

Author ebr9999
DPS
#10 | Posted: 8 Mar 2025 14:15 
I have also met an issue with Avast, as it was not possible, from the zip file, to install CS:
Here is what Avast detects:
[Image: Avast False Positive]

Basically, even if you flag it as an exception, as Avast quarantines the full path name, and a temporary directory is there, next time it still blocks you.
There are two solutions:
1. Unzipping the exe somewhere and flagging it as an exception (a little tedious)
2. Disabling Avast for 10 minutes. You may have to tell Defender to run the installer anyway. Colourspace.exe works, if previously flagged as legal.

Hope it helps somebody
