Closed msminhas93 closed 4 months ago
Thanks for letting me know.
By the location of the executable one might assume that it was installed using cargo install
, and built from source. Is that correct, and if so, what's the full command-line used to do the installation? Which version of dua
is this? How was dua.exe
executed?
Does the same thing happen if a an executable from the releases page is used?
My thinking here is that it probably is a false-positive, but if it's not it would mean that a dependency of dua
is injecting code into windows installations. When using cargo +nightly install --force dua-cli
on a Windows 11 VM, no threat was detected.
This was installed using cargo +nightly install --force dua-cli
and I used the command dua i
. I'll try using the release page executable and update.
fyi, Bevy (game engine written in Rust) had the same problem reported about a month ago: https://github.com/bevyengine/bevy/discussions/11624
I installed dua using scoop and that didn't trigger the antivirus even after I invoked it. Most likely a false positive that you mentioned. I'll close this issue since the scoop installation worked for me. Thank you!
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AWin32%2FSabsik.FL.A!ml&threatid=2147780195