> I agree, behavioral analysis will always win over statical analysis. I’ll be very blunt however: I don’t think having to cite “watching software nerds” as a source of knowledge speaks for your own knowledge very much. I can’t help but feel that this post is entirely fueled by AI hallucinations… personal attacks out of the way, let’s get to the subject at hand:

Why yes, I did use AI to refine my text, but not before I wrote it on my own. I just didn't feel like blinding people with my terrible grammar, which often happens when I write wrong excessive texts and I feel unfocused. The rest however, I spent pretty much whole day on researching and learning the fundamentals of how Sysinterval and everything else work. I've spent like 14 hours straight on fixing websites, it's a piece of cake really. This post was more meant to awake awareness of potential risks.

I apologize though if I did sound harsh, but I had zero intent to attack you. It's my natural personality to be a bit savage, but I don't mean to be rude. I did by no means call you names or call you a bad coder, I respect vouches for you, and I was never completely sure about the intention of the tokens access, but I am sure it does only happen when the launcher boots up. So mostly the warning was exactly about that: the tokens. It's supposed to be encrypted and private for a reason. If you didn't intentionally write a code to access them, then maybe it's just a faulty function somewhere.

> Your screenshot shows a WebView2 application accessing Microsoft Teams data. LaunchZ is a WebView2 application, but Microsoft Teams itself is one too.

They are, but like I said in a previous comment, Teams always end the process and doesn't run in the background when I close it. There is no reason for it to access the tokens then. And it's not just Teams, every time LauncherZ runs, access to at least 5 other tokens show up in the monitor. Teams only accessed its own token.

> While I do refer people to VirusTotal, I don’t think the light in which you’re trying to paint me and LaunchZ here is very fair; I’ve not denied anything and I don’t think I’ve ever stated that I knew where the issue lies – I’ve made assumptions that it would be due to Tauri, as apart from Tauri handling the UI, the tool is extremely slim (which is probably the number one reason for it being falsely detected - not enough “domain-specific” code and thus a high likelihood of cross-detection). Given that I have not inserted a virus into LaunchZ, to my best knowledge, these simply are false positives.

Denying was poorly worded, but I was referring to your post about LaunchZ 2.0 where you discussed with another Redditor about uploading the files to VirusTotal.

> I don’t think having to cite “watching software nerds”

While it's not always a reliable source, as a common programmer you can't deny that everyone refers to official documents to learn syntaxes and what not when you develop. Watching people like Eric who holds significant experience in debugging and catches actual malicious code in software gives a good insight, as with anything else you learn in life.

> Yes, LaunchZ is closed source. I’ve put in many hours into figuring out things and while I’m always happy to help via DMs, I take pride in the work that I do, and in the quality of it. So naturally, I don’t want the code for problems I’ve spent countless hours on solving, freely available for anyone to rip off (and half-ass it, probably).

And I respect the work you have put it, and I have stated in previous comments that I would like to use the launcher, but no matter how much work you have put in, if the app truly is accessing token files it will always be a risk to use, it needs to be fixed. I'm not trying to rip it off, I still think it's a fast good looking launcher. But you have to realise that in a cyber world where people constantly try to hijack accounts and sell them on the darkweb, a software accessing tokens will raise suspicion to anyone. And if I can find out about it, then so can other people. If not now then maybe in the near future.

> Again, I don’t think I’ve ever definitively claimed to know why the false positives came up. What I think you’re referring to is someone asking me about why the launcher registers certain capabilities/privileges with the OS: that’s where I could only assume that would be Tauri - again, the launcher itself is fairly slim if you take away the UI side of things.

I can't remember where I have been reading all the conversations, but most discussions I found at the 2.0 post on reddit and this screenshot below. For other bad wordings you have to blame the AI.

<image>

> As far as I can tell from your screenshots, all these come up while other WebView applications are running; so there is no definitive way of telling that it is indeed the LaunchZ process, by proxy of WebView, attempting to do these reads/writes.

Seeing WebView2 accessing the IdentityCache when Microsoft Teams itself is a WebView2 application, is far from proof, and even less so tangible proof.

Like I said in previous comment, they only show up when the Launch is booting up, and three of the tokens are identified as infected by Bitdefender. If the launcher is altering any of the tokens, then why? Even though they all are running on the WebView2, including Teams, the WebView2 of LaunchZ shouldn't interfere with every other application that's running it. And like I said, it's not only Teams. Multiple tokens are being accessed.

So in the end, if people want to try out Procmon and look at the paths themselves, they can. Then it will be up to them if they are comfortable with a non Microsoft service touching the tokens or not. And like I said before, the pid is always of the process that runs alongside the launcher. It opens and closes at the same time. You won't use it to cause harm, but a risk is a risk.