this post was submitted on 28 Jul 2024
24 points (83.3% liked)

Cybersecurity

5685 readers
4 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
 

It's the top result if you searched in GitHub about removing Microsoft edge, while it's not detected by Windows Security, Eset or Kaspersky (the best av vendors) it's being detected by other av engines, is it a false positive?

you are viewing a single comment's thread
view the rest of the comments
[–] Pika@sh.itjust.works 4 points 3 months ago* (last edited 3 months ago) (4 children)

from the page itself

  • Removing Edge may cause update failure loop. Install Edge, install all Windows updates, then remove Edge.

  • Some reports of Windows Defender blocking this. Disable Defender first.

those as separate cases would make it second guess using it, the fact they both are there, I wouldn't personally use it. there is also reports from virustotal that it isnt safe, if you used this software already, I highly recommend a deep cleanse of your system

that being said, the "source" page of it looks genuine, but definitely a hard hack, if it is as the commit claims and it is the MS setup executable, which can't be confirmed source

[–] LostXOR@fedia.io 7 points 3 months ago (3 children)

That Python script is basically just running setup.exe (which has no apparent source code). Definitely doesn't look genuine in the slightest.

[–] Pika@sh.itjust.works 4 points 3 months ago (2 children)

its running setup.exe with the values --uninstall --system-level --force-uninstall, which sound good as long as the setup.exe is actually the MSedge setup file as it claims, current checksums do not match though, but this could be that the setup was changed from now and when it was added last year, but you can't verify it. That being said, the rest of the code does indeed remove the residue edge from the system, which if the exe wasnt uninstalling it would cause problems as you operated it. That being said, yes you can't verify it without knowing the current setup file version, and having the original to validate the checksum.

[–] LostXOR@fedia.io 4 points 3 months ago (1 children)

Didn't realize Edge actually had a file named setup.exe used for uninstalling. Though it's quite suspicious they'd include their own file instead of using the one already included with Edge.

[–] Pika@sh.itjust.works 2 points 3 months ago* (last edited 3 months ago)

I'm still looking into it myself tbh, so far I checked the checksums of the file itself, and the one that was active for the commit date 1/6/23 and the current edge installer exe, none of them match the file in the repo I don't personally trust it either. The command line parameters are valid though, as in they appear to match the expected command line for the setup.exe file that should be in %PROGRAMFILES(X86)%\Microsoft\Edge\Application\xxx\Installer , with XXX being your edge version.