
Trojan detected by Windows Defender (Script/Wacatac.B!ml) #399

Open
Vasdranna opened this issue Dec 16, 2024 · 5 comments
Comments

@Vasdranna

Vasdranna commented Dec 16, 2024

Hi, I just downloaded the Git repo and Windows defender triggered a virus alert.

I'm sure it's a false positive, I haven't found other similar posted issues but just in case I'm opening this one so I can have some information on the matter.

It was also flagged by 2/65 vendors on VirusTotal:
https://www.virustotal.com/gui/file/e1bc78c9618944bd7accd5d2997a262c5a06f16cc8eae95a79498b02cb04224a

I'm on Windows 11. Has anyone else experienced the same?

@oleg-shilo
Owner

oleg-shilo commented Dec 17, 2024

Sadly I am also experiencing the same with WinDefender.
Since I am the author of the product I do trust the zip file content :)

WinDefender completely spits the dummy. When I scan the zip file that I have just created it's happy. When I upload it to GitHub and download it immediately, it complains. If I extract the downloaded content and scan all files it's happy again.

It's extremely frustrating. I cannot publish it on winget as it only uses WinDefender. Chocolatey does VirusTotal and passes through the packages that have fewer than four positives.

I am trying to break this cycle by including an extra text file in the zip so the byte signature is changed.

Can you please see if this zip file scans OK after the download, even without extracting?
https://github.com/oleg-shilo/cs-script/releases/download/v4.8.23.0/cs-script.win.v4.8.23.0.winget.zip

For your own safety please go to the latest release page and try to download cs-script.win.v4.8.23.0.winget.zip

VirusTotal gives it 100% OK: https://www.virustotal.com/gui/file/8407c192671531b3a7c74eb61c52d83bed7fbe5caff71b7a0c56c17a1bd5291d

I just want to see that other users have it OK too before I publish again.
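An added example (not part of this thread and not cs-script code) for the difference the maintainer describes between scanning a zip he has just built and the same zip after downloading it from GitHub: one concrete difference between the two copies is the Zone.Identifier alternate data stream (the Mark of the Web) that Windows attaches to browser downloads and that a locally created file does not carry; SmartScreen and Office Protected View key on its ZoneId=3 (Internet) value. The helper below reads and parses that stream so you can see what is attached to a download before assuming the bytes themselves changed. The sample stream and its HostUrl are constructed.

```python
"""Read and parse the Zone.Identifier stream (Mark of the Web) on a downloaded file.

Added example; not code from the cs-script project or from this issue thread.
"""
from typing import Dict, Optional

# URL Security Zone ids as Windows defines them.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(text: str) -> Dict[str, object]:
    """Parse the INI-style text of a Zone.Identifier stream.

    Only the [ZoneTransfer] section matters. ZoneId is mandatory;
    ReferrerUrl and HostUrl are optional (the downloading application
    decides whether to record them).
    """
    values: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "ZoneTransfer" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    if "ZoneId" not in values:
        raise ValueError("Zone.Identifier has no [ZoneTransfer] ZoneId entry")
    zone = int(values["ZoneId"])
    return {
        "ZoneId": zone,
        "ZoneName": ZONE_NAMES.get(zone, "Unknown"),
        "ReferrerUrl": values.get("ReferrerUrl"),
        "HostUrl": values.get("HostUrl"),
    }


def read_mark_of_the_web(path: str) -> Optional[Dict[str, object]]:
    """Return the parsed Zone.Identifier of `path`, or None if the file has none.

    Alternate data streams exist only on NTFS; elsewhere the open() fails and
    the file is reported as unmarked, which is also how a zip you built
    locally (rather than downloaded) looks.
    """
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return None


def is_internet_download(path: str) -> bool:
    """True when the file is marked ZoneId 3 (Internet) or 4 (Restricted sites)."""
    mark = read_mark_of_the_web(path)
    return mark is not None and mark["ZoneId"] in (3, 4)


# Constructed sample of what a browser writes for a GitHub release download.
# The HostUrl is invented; a real stream records the CDN URL that was fetched.
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://github.com/oleg-shilo/cs-script/releases\r\n"
    "HostUrl=https://example.invalid/cs-script.win.v4.8.23.0.winget.zip\r\n"
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        mark = read_mark_of_the_web(sys.argv[1])
        print(mark if mark else "no Zone.Identifier stream (local file or non-NTFS volume)")
    else:
        print(parse_zone_identifier(SAMPLE_STREAM))
```

Run it as `python motw.py path\to\cs-script.win.v4.8.23.0.winget.zip` on the downloaded copy and again on the copy you built; the downloaded one should show ZoneId 3 and the local one no stream at all.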

@oleg-shilo
Owner

BTW VirusTotal reports ZERO for the zip files downloaded from this repo release page.
So the file that you scanned and triggered 2/63 is not from this repo.
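The three VirusTotal links in this thread name three different SHA-256 values, so they are reports on three different files; hashing the copy on your disk tells you which report applies to it. The same technique, applied one level down, settles the re-packaging question raised above: adding an extra text file changes the archive hash (the value VirusTotal and Defender key on) but not the content hash of any original member, so a member-by-member comparison shows whether a re-packaged release still carries exactly the payload it did before. Added example, not cs-script code; the zip members are constructed stand-ins.

```python
"""Hash a zip archive as a whole and member by member, and diff two archives.

Added example; not code from the cs-script project or from this issue thread.
"""
import hashlib
import io
import zipfile
from typing import Dict, Set, Tuple


def archive_digest(data: bytes) -> str:
    """SHA-256 of the archive file itself, the value a VirusTotal report is keyed on."""
    return hashlib.sha256(data).hexdigest()


def member_digests(data: bytes) -> Dict[str, str]:
    """SHA-256 of each member's uncompressed content, keyed by its path inside the zip."""
    digests: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digest = hashlib.sha256()
            with zf.open(info) as member:
                for chunk in iter(lambda: member.read(1 << 16), b""):
                    digest.update(chunk)
            digests[info.filename] = digest.hexdigest()
    return digests


def compare_archives(old: bytes, new: bytes) -> Tuple[Set[str], Set[str], Set[str]]:
    """Return (added, removed, changed) member names between two archives."""
    a, b = member_digests(old), member_digests(new)
    added = set(b) - set(a)
    removed = set(a) - set(b)
    changed = {name for name in set(a) & set(b) if a[name] != b[name]}
    return added, removed, changed


def build_zip(members: Dict[str, bytes]) -> bytes:
    """Build a zip in memory with fixed timestamps so the demo is reproducible."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in sorted(members.items()):
            info = zipfile.ZipInfo(name, date_time=(2024, 12, 17, 0, 0, 0))
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, content)
    return buf.getvalue()


# Constructed stand-ins for a release payload; not the real cs-script files.
PAYLOAD = {"css.exe": b"MZ fake payload bytes", "readme.txt": b"cs-script"}
ORIGINAL = build_zip(PAYLOAD)
# Same payload plus an extra text file, as the maintainer proposes above.
REPACKAGED = build_zip({**PAYLOAD, "avscan.txt": b"rescan marker"})
# A copy whose executable was altered: the case the member diff must catch.
TAMPERED = build_zip({**PAYLOAD, "css.exe": b"MZ something else"})

if __name__ == "__main__":
    print("original   ", archive_digest(ORIGINAL))
    print("repackaged ", archive_digest(REPACKAGED))
    for label, other in (("repackaged", REPACKAGED), ("tampered", TAMPERED)):
        added, removed, changed = compare_archives(ORIGINAL, other)
        print(f"{label}: added={sorted(added)} removed={sorted(removed)} changed={sorted(changed)}")
```

To check a downloaded release against one of the VirusTotal links, compare `archive_digest(open(path, "rb").read())` with the hash in the link; if they differ, the report is about a different file and says nothing about the one you have.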

@oleg-shilo
Owner

From now on I decided to publish the AV scanning results for all releases:

[image: AV scan results attached to the release]

@Vasdranna
Author

Vasdranna commented Dec 17, 2024

Thank you for replying and for adding the reports to the release page, it does help.

Downloading from the releases is fine, but VirusTotal still triggers 2/65 for the downloaded zip of the repo. Microsoft Defender stopped complaining at first, in fact it passed the scan well, but after some time it triggered Trojan:Script/Wacatac.B!ml.

https://www.virustotal.com/gui/file/3746e08d04cf425efc32aeaabe0a2dd6fc713ca1cd4dde72b99a12b9d02f49c0

This is for the file that you get when you download the repo (Code > Download ZIP).

Thank you for your time, and for the tool! It's super useful, I think it should be a built-in feature of .NET.

@oleg-shilo
Owner

oleg-shilo commented Dec 18, 2024

I removed a few zip files with the code samples in the hope that it would help with the master download. It looks like it did. This is how I scanned directly from the repo:
[image: VirusTotal scan of the repository download]
The good outcome of it is that on the release page there is now a link to the VirusTotal page that can scan the downloadable URLs from the release page directly. And the user can always get the current state by simply clicking the reanalyze button.


It is extremely frustrating. Right now I cannot publish the product on winget simply because a silly, super-aggressive AV flagged the file. While it is an open-source project, can you imagine something like this with a consumer product?

Or... at my previous company, a medical instruments manufacturer, CrowdStrike decided to be cute and deleted an old C++ compiler and stopped the production line for one day. When the CrowdStrike disaster happened I was so-o-o not surprised. Their attitude is shocking. These guys have no accountability. They can just randomly declare any product a suspect and effectively stop it from being used.
