[BUG] LogMonitor.exe being flagged for BA2008 for missing ControlFlowGuard in BinSkim

[ericsuhong]

Describe the bug
BimSkim tool is flagging LogMonitor.exe because it is not being compiled with appropriate flags:

##[warning]1. BinSkim Error BA2008 - File: out/release-x64/..................../LogMonitor.exe.  
Signature: cf1589786cb2eb6e24ec7e3ab21a5fa5c83c77f9eefdaf11e7475e382eaa14ab
Tool: BinSkim: Rule: BA2008 (EnableControlFlowGuard). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2008EnableControlFlowGuard
'LogMonitor.exe' does not enable the control flow guard (CFG) mitigation.
To resolve this issue, pass /guard:cf on both the compiler and linker command lines. Binaries also require the /DYNAMICBASE linker option in order to enable CFG.
For VC projects use ItemDefinitionGroup - ClCompile - ControlFlowGuard property with 'Guard' value, link CFG property will be set automatically.

To Reproduce
Download BinSkim tool (https://www.nuget.org/packages/Microsoft.CodeAnalysis.BinSkim) and run:

BinSkim.exe analyze ServiceMonitor.exe

Expected behavior
LogMonitor.exe should be compiled with ControlFlowGuard flag and should NOT be flagged by binskim BA2008.

Screenshots
If applicable, add screenshots to help explain your problem.

Configuration
-Tool: LogMonitor
-Version: 2.1.1

Additional context
Add any other context about the problem here.

[ericsuhong]

There is a similar issue flagging ServiceMonitor.exe as well: microsoft/IIS.ServiceMonitor#93

[bobsira]

Looking into this!

[ericsuhong]

@bobsira Any update on this issue? Also, we are seeing the same issue from IIS.ServiceMonitor: microsoft/IIS.ServiceMonitor#93

[bobsira]

I'm currently oof at the moment. Let me get back to this next week and share the progress we have.