This repository has been archived by the owner on Jul 5, 2024. It is now read-only.

Generated setup getting flagged as a virus by windows defender #78

Closed
chrisrestall opened this issue May 19, 2022 · 1 comment
Labels
question Further information is requested

@chrisrestall

I believe this may be a known issue, but it has my security team concerned. I am getting a prompt and log from Windows Defender indicating malware in the created setup file whenever I attempt to run it:

...\OurSoftwareSetup.exe->(ZipSfx)->lib/native/Squirrel.exe

Name: Program:Win32/Beareuws.A!ml
Category: Potentially Unwanted Software

It seems to flag a squ***.tmp.exe file that gets generated in my local temp when I click the setup:

example
\AppData\Local\Temp\squ8CAB.tmp.exe

Does running the setup generate temp files like this in the profile temp directory? I know it does in an app-specific directory at that level. I assumed a false positive, potentially resolved by code signing?

@caesay caesay added the question Further information is requested label May 19, 2022
@caesay
Member

caesay commented May 19, 2022

The generated Setup.exe is a very simple C++ binary, with your whole nupkg appended to the end. All Setup.exe does is extract lib/native/Squirrel.exe (the squirrel updater/installer) to squ****.tmp.exe, and run it. The temporary squirrel installer then extracts the whole nupkg to the right place in app data etc. This temporary file will be cleaned up when Setup.exe exits.

In general, dotnet core 5/6 single file bundled binaries do have more problems with !ml detections because they contain compressed executable code which is a common tactic of viruses. Signing should help, see #28.

@caesay caesay closed this as completed May 19, 2022
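
As an added example (not code from this issue or from the Squirrel project), one way to confirm without running the installer that the `lib/native/Squirrel.exe` entry Defender names sits in a package appended to the setup stub, and to hash it for comparison with the updater from your own build. It assumes the appended nupkg is a standard zip that Python's `zipfile` can read behind the stub; the sample input and the `lib/net6.0/App.dll` entry are constructed.

```python
import hashlib
import io
import zipfile

UPDATER_ENTRY = "lib/native/Squirrel.exe"  # entry named in the Defender log above


def inspect_setup(data: bytes) -> dict:
    """Report what is appended to a Setup.exe-style stub, without running it."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"has_archive": False}
    with zf:
        infos = zf.infolist()
        # zipfile accepts bytes in front of the archive and shifts every
        # header_offset by that amount, so the smallest one is the stub size.
        stub_size = min((i.header_offset for i in infos), default=0)
        names = [i.filename for i in infos]
        digest = None
        if UPDATER_ENTRY in names:
            digest = hashlib.sha256(zf.read(UPDATER_ENTRY)).hexdigest()
    return {
        "has_archive": True,
        "stub_size": stub_size,
        "entries": names,
        "updater_sha256": digest,  # compare with the Squirrel.exe from your build
    }


def build_sample(updater: bytes) -> bytes:
    """Constructed stand-in for a setup file: fake stub + small zip package."""
    pkg = io.BytesIO()
    with zipfile.ZipFile(pkg, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(UPDATER_ENTRY, updater)
        zf.writestr("lib/net6.0/App.dll", b"constructed app payload")
    stub = b"MZ" + b"\x00" * 510  # placeholder bytes, not a real PE
    return stub + pkg.getvalue()


if __name__ == "__main__":
    report = inspect_setup(build_sample(b"constructed updater bytes"))
    for key, value in report.items():
        print(f"{key}: {value}")
```

To use it on a real file, pass the bytes of the setup executable to `inspect_setup` and compare `updater_sha256` with the hash of the updater binary your build pipeline packaged.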