ChrisTitusTech / winutil

Chris Titus Tech's Windows Utility - Install Programs, Tweaks, Fixes, and Updates
MIT License

This script contains malicious content and has been blocked by your antivirus software. #2088

Closed Firecat2203 closed 2 months ago

Firecat2203 commented 3 months ago

Describe the bug

This script contains malicious content and has been blocked by your antivirus software.

To Reproduce

running the script and got this:

Running Script for WPFTweaksEndTaskOnTaskbar
Running Script for WPFTweaksBlockAdobeNet
WARNING: A runtime exception occurred.
WARNING: At line:1 char:1
+ This script contains malicious content and has been blocked by your antivirus software.

Expected behavior

remove part of script or rectify the problem

Screenshots


MagmaBro123 commented 3 months ago

Then disable your antivirus.

Firecat2203 commented 3 months ago

Then disable your antivirus.

Thank you for your reply

I have used this script successfully without issue on different PCs and it helped me a lot. Thank you Chris for your effort and the wonderful work you are doing. I just want to improve and rectify the script more, or remove the source or the feature causing the issue.

Marterich commented 3 months ago

@Firecat2203 seems to be the Adobe tweak (WPFTweaksBlockAdobeNet) that's causing the issue. Maybe Microsoft flagged the GitHub link to the blocklist repo. Will take a look at this when I find the time and no one else beats me to it :)

Firecat2203 commented 3 months ago

The script runs flawlessly regardless of the antivirus warning ⚠️. By the way, I am using Bitdefender. Thank you so much

@Firecat2203 seems to be the Adobe tweak (WPFTweaksBlockAdobeNet) that's causing the issue. Maybe Microsoft flagged the GitHub link to the blocklist repo. Will take a look at this when I find the time and no one else beats me to it :)

blusewill commented 3 months ago

Oh no. Here we go again XDD

Marterich commented 3 months ago

@Firecat2203 Sadly (or thankfully) I don't seem to be able to reproduce the malware warning on my device. Neither with Windows Defender nor with Bitdefender Free installed, so I'm not able to build a workaround for your specific scenario.

Firecat2203 commented 3 months ago

Thank you so much for trying

On Mon, 17 Jun 2024, 21:11 Martin Wiethan, @.***> wrote:

@Firecat2203 https://github.com/Firecat2203 Sadly (or thankfully) I don't seem to be able to reproduce the malware warning on my device. Neither with Windows Defender nor with Bitdefender Free installed, so I'm not able to build a workaround for your specific scenario.


SHR1SHAK commented 3 months ago

I have Avast Free Antivirus and it's not flagged by mine either.

Marterich commented 3 months ago

I checked a few days ago and the old winutil release was indeed flagged by Bitdefender (using VirusTotal).

As of earlier today, I checked the new release and it's no longer flagged by Bitdefender.

iamnitingrover commented 2 months ago

Hi @Marterich, I tried the tool today and I have installed Bitdefender as my antivirus tool. Bitdefender is still detecting the script as malicious.

Here is the screenshot of PowerShell and Bitdefender.


SHR1SHAK commented 2 months ago

I think the URL for github is flagged

Marterich commented 2 months ago

I think the URL for github is flagged

Might very well be true, but it's also possible that the heuristic engine of Bitdefender has seen similar logic in malware before (which is very likely):

  1. Download file/entries
  2. Overwrite or modify host file
  3. Flush the cache

This would be a simple way for malware to implement DNS spoofing when you have admin access to the device.

Keeping this in mind, this requires a bit more investigation and fiddling to get "around" the detection, and it is also quite possible that we (in accordance with @ChrisTitusTech) decide it would be best to completely remove the tweak, as virus alerts drastically impact the trustworthiness of an application.
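An added example, not winutil's code and not posted by anyone in this thread, looking at the three-step pattern above from the defender's side: the reason a heuristic engine cares about "download, rewrite hosts, flush cache" is that the hosts file overrides DNS for every program on the machine, so a quick audit of what is actually in it, plus a baseline hash to catch rewrites, is a reasonable check after running any tool that touches it. The hosts path is the Windows default; the baseline file location `$BaselinePath` and the sink-hole address list are assumptions of mine, not anything winutil uses.

```powershell
# Added example (not winutil's code): audit the Windows hosts file for
# active entries and compare the file against a saved SHA-256 baseline so
# an unexpected rewrite stands out.
# Assumptions (mine, not from the issue): hosts is at its default path and
# the baseline hash lives in $BaselinePath (hypothetical location).

$HostsPath    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$BaselinePath = Join-Path $env:ProgramData 'hosts-baseline.sha256'

function Get-HostsEntries {
    param([string]$Path = $HostsPath)
    # Parse active (non-comment) lines into Address/HostName pairs.
    Get-Content -Path $Path -ErrorAction Stop |
        ForEach-Object { ($_ -split '#')[0].Trim() } |   # drop comments
        Where-Object { $_ -ne '' } |
        ForEach-Object {
            $parts = $_ -split '\s+'
            if ($parts.Count -lt 2) { return }           # malformed line, skip
            foreach ($name in $parts[1..($parts.Count - 1)]) {
                [pscustomobject]@{ Address = $parts[0]; HostName = $name }
            }
        }
}

function Test-HostsBaseline {
    param([string]$Path = $HostsPath, [string]$Baseline = $BaselinePath)
    # First run records the hash; later runs report whether the file changed.
    $current = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if (-not (Test-Path $Baseline)) {
        Set-Content -Path $Baseline -Value $current
        return "Baseline recorded: $current"
    }
    $saved = (Get-Content -Path $Baseline -Raw).Trim()
    if ($saved -eq $current) { return 'Hosts file unchanged since baseline.' }
    return "HOSTS FILE CHANGED: baseline $saved, current $current"
}

# Sink-hole addresses are what a blocklist writes; anything else is a
# redirect to a real host and deserves a closer look.
$SinkholeAddresses = @('0.0.0.0', '127.0.0.1', '::1')

Get-HostsEntries | ForEach-Object {
    $kind = if ($_.Address -in $SinkholeAddresses) { 'sinkhole' } else { 'REDIRECT' }
    '{0,-9} {1,-16} {2}' -f $kind, $_.Address, $_.HostName
}
Test-HostsBaseline
```

Reading the hosts file needs no elevation; writing the baseline under ProgramData usually does, so run the first pass from an elevated prompt or point `$BaselinePath` somewhere writable. Lines tagged `REDIRECT` are the ones worth questioning, since a blocklist such as the Adobe tweak only ever points names at a sink-hole address.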

github-actions[bot] commented 2 months ago

This issue was marked as stale because it has been inactive for 7 days

github-actions[bot] commented 2 months ago

This issue was closed because it has been inactive for 7 days since it was marked as stale