Anki Installation on version > 2.1.30

I install and update Anki with Chocolatey, which is set up to do virus checks on everything. By default, a program has to fail 4 tests before it refuses to install. Anki has been failing 4 tests for versions 2.1.33 and 2.1.35. (These are the last two versions the package maintainer has added.)

I know this is likely due to a security vulnerability, not that there’s an actual virus there. But it doesn’t make sense to change Chocolatey false positive minimums, or to skip the virus check just for Anki.

This seems more like something that should be patched for the sake of best practice.

Screenshot below and here is the VirusTotal link referenced:

2 Likes

This isn’t a response to this post.

The FAQ page states that new versions sometimes get flagged by antivirus programs, so I assume that is similar to this case.

1 Like

I’m reporting this as an issue because the GH doesn’t accept them. The irrelevant copy/pastes that don’t recognize what the post says aren’t necessary.

Could you explain what makes you think this is likely due to a vulnerability and not just a false positive?
Because this is not the first time that this was reported (See this thread).

I think the FAQ page is the official response to this, but you can wait for Damien’s response anyway.

2 Likes

Referring to a FAQ that just says, ‘not a problem,’ does not mean not a problem. Of 108 packages, Anki is the only one throwing a single issue consistently. I’ve only seen one other flag on Deno and the next release that came a day after cleaned it up.

If the decision is to ignore everything as always false positive without ever stopping to think if something needs to be cleaned up, then there’s nothing I can do about that. Freeware is freeware.

I’ll leave it up to you to figure out what Riskware is.

It seems this is caused by the bundled mpv.com file:

4 Likes

Finding a potential cause is always a good first step.

@abdo thank you for the thorough investigation!

It seems Anki only uses mpv.exe, and mpv will still be working after removing mpv.com.

https://github.com/mpv-player/mpv/wiki/FAQ#On_Windows_why_does_mpvexe_not_attach_to_the_console_and_what_does_mpvcom_do

5 Likes

Thanks guys, I’ll look at removing it in the next beta.

1 Like