Byron / dua-cli

View disk space usage and delete unwanted data, fast.
https://lib.rs/crates/dua-cli
MIT License

Got a trojan threat from Windows Defender when using dua #232

Closed msminhas93 closed 4 months ago

msminhas93 commented 4 months ago
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AWin32%2FSabsik.FL.A!ml&threatid=2147780195

Byron commented 4 months ago

Thanks for letting me know.

By the location of the executable one might assume that it was installed using cargo install, and built from source. Is that correct, and if so, what's the full command-line used to do the installation? Which version of dua is this? How was dua.exe executed?

Does the same thing happen if an executable from the releases page is used?

My thinking here is that it probably is a false-positive, but if it's not it would mean that a dependency of dua is injecting code into Windows installations. When using cargo +nightly install --force dua-cli on a Windows 11 VM, no threat was detected.

msminhas93 commented 4 months ago

This was installed using cargo +nightly install --force dua-cli and I used the command dua i. I'll try using the release page executable and update.

gosuwachu commented 4 months ago

FYI, Bevy (game engine written in Rust) had the same problem reported about a month ago: https://github.com/bevyengine/bevy/discussions/11624

msminhas93 commented 4 months ago

I installed dua using scoop and that didn't trigger the antivirus even after I invoked it. Most likely a false positive, as you mentioned. I'll close this issue since the scoop installation worked for me. Thank you!