AvaloniaUI / Avalonia

Develop Desktop, Embedded, Mobile and WebAssembly apps with C# and XAML. The most popular .NET UI client technology
https://avaloniaui.net
MIT License

Building Avalonia triggers Windows Defender Trojan alert. #16530

Open IanRawley opened 3 months ago

IanRawley commented 3 months ago

Describe the bug

Building the master branch of Avalonia on Windows 11 with the latest Defender signatures triggers a Trojan detection warning. Looks to be related to Appium in the Integration Tests. I'm pretty sure it's a false alarm, or at least not caused by Avalonia code specifically, but something I thought the team should be aware of.

To Reproduce

Build the Master branch (or a fork of it) on Windows 11 with the latest Windows Defender signatures.

Expected behavior

No trojan warning.

Avalonia version

Fork of Master branch

OS

Windows

Additional context

Copy and paste of Event Log entry:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
 For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Vidar.PTHK!MTB&threatid=2147901855&enterprise=0
    Name: Trojan:MSIL/Vidar.PTHK!MTB
    ID: 2147901855
    Severity: Severe
    Category: Trojan
    Path: file:<REDACTED>Avalonia_Fixes\tests\Avalonia.IntegrationTests.Appium\bin\Debug\net8.0\Avalonia.IntegrationTests.Appium.dll
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    User: <REDACTED>
    Process Name: C:\Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\Extensions\TestPlatform\vstest.console.exe
    Security intelligence Version: AV: 1.415.393.0, AS: 1.415.393.0, NIS: 1.415.393.0
    Engine Version: AM: 1.1.24060.5, NIS: 1.1.24060.5

maxkatz6 commented 3 months ago

Weirdly, never had this with my setup.

IanRawley commented 3 months ago

It's only started happening recently; my builds for the last PR I submitted had no issues. So some time since the beginning of June. If there are any more details that could be helpful in tracking down what the cause is, let me know where to look and I'll dig up what I can.

kekekeks commented 3 months ago

Appium does control your desktop through the automation APIs, so AV software is likely to detect it as malware.

Add your project directory to Defender exceptions.
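
One way to apply the advice above while keeping the exclusion narrow, as an added example that is not part of the thread or the Avalonia project: it lists Defender detections under the checkout and excludes only the integration-test output folder named in the event log entry, and only when no other file in the checkout was flagged. `C:\src\Avalonia` is a placeholder path, and the choice to exclude the `bin` folder rather than the whole project directory is this example's assumption.

```powershell
# Added example: run from an elevated PowerShell prompt.
# $RepoRoot is a placeholder; point it at your own checkout.
$RepoRoot = 'C:\src\Avalonia'
# Output folder of the project named in the event log entry (assumed scope).
$Exclude  = Join-Path $RepoRoot 'tests\Avalonia.IntegrationTests.Appium\bin'

# Detections whose resources lie under the checkout.
# Resources are strings such as "file:_C:\path\to\file.dll".
$hits = @(Get-MpThreatDetection | Where-Object {
    @($_.Resources | Where-Object {
        $_ -and $_.IndexOf($RepoRoot, [StringComparison]::OrdinalIgnoreCase) -ge 0
    }).Count -gt 0
})

if ($hits.Count -eq 0) {
    Write-Warning "No Defender detections recorded under $RepoRoot"
    return
}

# Show what was flagged and which process touched it.
foreach ($d in $hits) {
    $threat = Get-MpThreat -ThreatID $d.ThreatID -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Time      = $d.InitialDetectionTime
        Threat    = $threat.ThreatName
        Process   = $d.ProcessName
        Resources = $d.Resources -join '; '
    }
}

# Exclude only when every flagged file is inside the expected output folder;
# a hit anywhere else in the checkout deserves a closer look first.
$outside = @($hits | ForEach-Object { $_.Resources } | Where-Object {
    $_ -and $_.IndexOf($Exclude, [StringComparison]::OrdinalIgnoreCase) -lt 0
})

if ($outside.Count -eq 0) {
    Add-MpPreference -ExclusionPath $Exclude
    (Get-MpPreference).ExclusionPath   # confirm the exclusion is registered
} else {
    Write-Warning "Not adding exclusion: $($outside.Count) flagged file(s) outside $Exclude"
    $outside
}
```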