Today, Windows Defender said that the shortcut “WinUtil.Ink” was a trojan.
I've had this shortcut for a long time. To create the shortcut, I ran the tool from the “Launch Command - Stable Branch (Recommended)” on the homepage and then clicked the button to create the shortcut on the desktop.
To Reproduce
Steps to reproduce the behavior:
I haven't reproduced the bug. In fact, I haven't even opened the tool for a long time.
I suppose the closest thing to getting the same result is:
Run the command “irm ‘https://christitus.com/win’ | iex” from the home page;
Go to the “Config” category;
Create the shortcut;
Wait for Windows Defender to detect it as a virus? Or check with Windows Defender? I don't know...
Expected behavior
Not being caught as a Trojan and just existing in the desktop
Screenshots
(Note: The language below is Portuguese)
Quarantined:
Immediately after quarantine, it was deleted or blocked:
Additional context
I just opened the computer on a normal day and today it decided that the shortcut is a trojan. I didn't do anything special, it just happened. I didn't even open the shortcut.
I can confirm I have just received the same automatic quarantine of the "WinUtil.lnk" shortcut detecting it as "Trojan:Script/Phonzy.B!ml" stating "This program is dangerous and executes commands from an attacker."
Describe the bug
Today, Windows Defender said that the shortcut “WinUtil.Ink” was a trojan.
I've had this shortcut for a long time. To create the shortcut, I ran the tool from the “Launch Command - Stable Branch (Recommended)” on the homepage and then clicked the button to create the shortcut on the desktop.
To Reproduce
Steps to reproduce the behavior: I haven't reproduced the bug. In fact, I haven't even opened the tool for a long time.
I suppose the closest thing to getting the same result is:
irm ‘https://christitus.com/win’ | iex
” from the home page;Expected behavior
Not being caught as a Trojan and just existing in the desktop
Screenshots
(Note: The language below is Portuguese)
Quarantined:
Immediately after quarantine, it was deleted or blocked:
Additional context
I just opened the computer on a normal day and today it decided that the shortcut is a trojan. I didn't do anything special, it just happened. I didn't even open the shortcut.