DGP-Studio / Snap.Hutao

Multifunctional Open-source Genshin Impact Toolkit 🧰
https://hut.ao
MIT License
4.1k stars 192 forks

[Bug]: 1.9.9.0 is reported as a trojan virus by Windows Defender #1553

Closed qakcn closed 7 months ago

qakcn commented 7 months ago

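Checklist

Windows version

22631.3447

Snap Hutao version

1.9.9.0

Device ID

A2025760328284AF45975203C39E0691

Issue category

Installation and environment

What happened?

As the title says. The result is the same whether using the in-app automatic update or downloading from GitHub Releases.

Screenshot 2024-04-16 222659

What did you expect to happen?

It is not reported as a virus and can be installed normally.

Final step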

dgp-bot[bot] commented 7 months ago

device_id: A2025760328284AF45975203C39E0691

Exception Data:
----------------------------------------
System.IO.IOException: 无法成功完成操作,因为文件包含病毒或潜在的垃圾软件。 : 'D:\qakcn\Documents\Hutao\UpdateCache\Snap.Hutao.msix'
   at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options)
   at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
   at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
   at System.IO.File.OpenRead(String path)
   at Snap.Hutao.Core.IO.Hashing.SHA256.HashFileAsync(String filePath, CancellationToken token) in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\Core\IO\Hashing\SHA256.cs:line 12
   at Snap.Hutao.Service.Update.UpdateService.CheckUpdateCacheSHA256Async(String filePath, String remoteHash, CancellationToken token) in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\Service\Update\UpdateService.cs:line 109
   at Snap.Hutao.Service.Update.UpdateService.DownloadUpdatePackageAsync(HutaoVersionInformation versionInformation, String filePath, IProgress`1 progress, CancellationToken token) in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\Service\Update\UpdateService.cs:line 144
   at Snap.Hutao.Service.Update.UpdateService.CheckForUpdateAndDownloadAsync(IProgress`1 progress, CancellationToken token) in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\Service\Update\UpdateService.cs:line 70
   at Snap.Hutao.ViewModel.TitleViewModel.DoCheckUpdateAsync() in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\ViewModel\TitleViewModel.cs:line 64
   at Snap.Hutao.ViewModel.TitleViewModel.InitializeUIAsync() in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\ViewModel\TitleViewModel.cs:line 57
   at Snap.Hutao.ViewModel.Abstraction.ViewModel.OpenUIAsync() in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\ViewModel\Abstraction\ViewModel.cs:line 32
   at CommunityToolkit.Mvvm.Input.AsyncRelayCommand.AwaitAndThrowIfFailed(Task executionTask)
   at System.Threading.Tasks.Task.<>c.<ThrowAsync>b__128_0(Object state)
   at Microsoft.UI.Dispatching.DispatcherQueueSynchronizationContext.<>c__DisplayClass2_0.<Post>b__0()
Exception Data:
----------------------------------------
System.IO.IOException: 无法成功完成操作,因为文件包含病毒或潜在的垃圾软件。 : 'D:\qakcn\Documents\Hutao\UpdateCache\Snap.Hutao.msix'
   at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options)
   at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
   at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
   at System.IO.Strategies.FileStreamHelpers.ChooseStrategyCore(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
   at System.IO.File.OpenRead(String path)
   at Snap.Hutao.Core.IO.Hashing.SHA256.HashFileAsync(String filePath, CancellationToken token) in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\Core\IO\Hashing\SHA256.cs:line 12
   at Snap.Hutao.Service.Update.UpdateService.CheckUpdateCacheSHA256Async(String filePath, String remoteHash, CancellationToken token) in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\Service\Update\UpdateService.cs:line 109
   at Snap.Hutao.Service.Update.UpdateService.DownloadUpdatePackageAsync(HutaoVersionInformation versionInformation, String filePath, IProgress`1 progress, CancellationToken token) in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\Service\Update\UpdateService.cs:line 144
   at Snap.Hutao.Service.Update.UpdateService.CheckForUpdateAndDownloadAsync(IProgress`1 progress, CancellationToken token) in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\Service\Update\UpdateService.cs:line 70
   at Snap.Hutao.ViewModel.TitleViewModel.DoCheckUpdateAsync() in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\ViewModel\TitleViewModel.cs:line 64
   at Snap.Hutao.ViewModel.TitleViewModel.InitializeUIAsync() in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\ViewModel\TitleViewModel.cs:line 57
   at Snap.Hutao.ViewModel.Abstraction.ViewModel.OpenUIAsync() in D:\appveyor\project\Snap.Hutao.Project-m2qnyjlfvcfi05e5\src\Snap.Hutao\Snap.Hutao\ViewModel\Abstraction\ViewModel.cs:line 32
   at CommunityToolkit.Mvvm.Input.AsyncRelayCommand.AwaitAndThrowIfFailed(Task executionTask)
   at System.Threading.Tasks.Task.<>c.<ThrowAsync>b__128_0(Object state)
   at Microsoft.UI.Dispatching.DispatcherQueueSynchronizationContext.<>c__DisplayClass2_0.<Post>b__0()
Exception Data:
----------------------------------------
System.Net.Http.HttpRequestException: 由于连接方在一段时间后没有正确答复或连接的主机没有反应,连接尝试失败。 (lsw-fast.lenovo.com.cn:443)
 ---> System.Net.Sockets.SocketException (10060): 由于连接方在一段时间后没有正确答复或连接的主机没有反应,连接尝试失败。
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|285_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.<SendCoreAsync>g__Core|5_0(HttpRequestMessage request, Boolean useAsync, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.<SendCoreAsync>g__Core|5_0(HttpRequestMessage request, Boolean useAsync, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Snap.Hutao.Core.IO.Http.Sharding.HttpShardCopyWorker`1.<>c__DisplayClass10_0.<<CopyAsync>g__CopyShardAsync|1>d.MoveNext() in D:\appveyor\project\Snap.Hutao.Project-0rgu3i8eehje5o86\src\Snap.Hutao\Snap.Hutao\Core\IO\Http\Sharding\HttpShardCopyWorker.cs:line 71
--- End of stack trace from previous location ---
   at System.Threading.Tasks.Parallel.<>c__53`1.<<ForEachAsync>b__53_0>d.MoveNext()
--- End of stack trace from previous location ---
   at Snap.Hutao.Service.Update.UpdateService.DownloadUpdatePackageAsync(HutaoVersionInformation versionInformation, String filePath, IProgress`1 progress, CancellationToken token) in D:\appveyor\project\Snap.Hutao.Project-0rgu3i8eehje5o86\src\Snap.Hutao\Snap.Hutao\Service\Update\UpdateService.cs:line 128
   at Snap.Hutao.Service.Update.UpdateService.CheckForUpdateAndDownloadAsync(IProgress`1 progress, CancellationToken token) in D:\appveyor\project\Snap.Hutao.Project-0rgu3i8eehje5o86\src\Snap.Hutao\Snap.Hutao\Service\Update\UpdateService.cs:line 69
   at Snap.Hutao.ViewModel.TitleViewModel.DoCheckUpdateAsync() in D:\appveyor\project\Snap.Hutao.Project-0rgu3i8eehje5o86\src\Snap.Hutao\Snap.Hutao\ViewModel\TitleViewModel.cs:line 64
   at Snap.Hutao.ViewModel.TitleViewModel.InitializeUIAsync() in D:\appveyor\project\Snap.Hutao.Project-0rgu3i8eehje5o86\src\Snap.Hutao\Snap.Hutao\ViewModel\TitleViewModel.cs:line 57
   at Snap.Hutao.ViewModel.Abstraction.ViewModel.OpenUIAsync() in D:\appveyor\project\Snap.Hutao.Project-0rgu3i8eehje5o86\src\Snap.Hutao\Snap.Hutao\ViewModel\Abstraction\ViewModel.cs:line 32
   at CommunityToolkit.Mvvm.Input.AsyncRelayCommand.AwaitAndThrowIfFailed(Task executionTask)
   at System.Threading.Tasks.Task.<>c.<ThrowAsync>b__128_0(Object state)
   at Microsoft.UI.Dispatching.DispatcherQueueSynchronizationContext.<>c__DisplayClass2_0.<Post>b__0()
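
The first two traces above show `File.OpenRead` failing inside the SHA-256 check of the cached `Snap.Hutao.msix` with the Win32 "file contains a virus or potentially unwanted software" error (`ERROR_VIRUS_INFECTED`, 225). The following C# is an added example, not Snap.Hutao's code: it shows one way an updater's hash check can report an antivirus block separately from a hash mismatch. `UpdateCacheVerifier`, `CacheCheck` and the sample file are hypothetical names and constructed data.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Threading;
using System.Threading.Tasks;

public enum CacheCheck { Match, Mismatch, Missing, BlockedByAntivirus }

public static class UpdateCacheVerifier // hypothetical name, not from Snap.Hutao
{
    // Win32 errors an on-access scanner returns when it refuses a file open.
    private const int ErrorVirusInfected = 225; // HRESULT 0x800700E1
    private const int ErrorVirusDeleted = 226;  // HRESULT 0x800700E2

    public static bool IsAntivirusBlock(IOException ex)
    {
        bool isWin32 = (ex.HResult & unchecked((int)0xFFFF0000)) == unchecked((int)0x80070000);
        int code = ex.HResult & 0xFFFF;
        return isWin32 && (code == ErrorVirusInfected || code == ErrorVirusDeleted);
    }

    public static async Task<CacheCheck> CheckAsync(string path, string expectedHex, CancellationToken token = default)
    {
        try
        {
            await using FileStream stream = File.OpenRead(path);
            byte[] actual = await SHA256.HashDataAsync(stream, token);
            byte[] expected = Convert.FromHexString(expectedHex);
            return CryptographicOperations.FixedTimeEquals(actual, expected)
                ? CacheCheck.Match : CacheCheck.Mismatch;
        }
        catch (FileNotFoundException) { return CacheCheck.Missing; }
        catch (IOException ex) when (IsAntivirusBlock(ex)) { return CacheCheck.BlockedByAntivirus; }
    }

    public static async Task Main()
    {
        // Constructed sample: a temp file standing in for the cached package.
        string path = Path.GetTempFileName();
        await File.WriteAllTextAsync(path, "constructed package bytes");
        string good = Convert.ToHexString(SHA256.HashData(await File.ReadAllBytesAsync(path)));
        Console.WriteLine(await CheckAsync(path, good));
        Console.WriteLine(await CheckAsync(path, new string('0', 64)));
        File.Delete(path);
        Console.WriteLine(await CheckAsync(path, good));
        // Constructed exception carrying the HRESULT for ERROR_VIRUS_INFECTED.
        Console.WriteLine(IsAntivirusBlock(new IOException("constructed", unchecked((int)0x800700E1))));
    }
}
```

Returning `BlockedByAntivirus` lets the updater tell the user that the download was intercepted by the scanner rather than corrupted, instead of surfacing an unhandled exception.
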
BTMuli commented 7 months ago

1499 #1528

qakcn commented 7 months ago

1499 #1528

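Thanks. I just want to know which part touched Windows Defender's sensitive nerve; it even triggers on different versions, with some triggering it and others not.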

Masterain98 commented 7 months ago

Just confirmed the package is marked as malware again, caused by the WD cloud engine, Trojan:AndroidOS/ZkarletFlash, interesting report. The review request has been submitted to Microsoft.

Before the false detection has been removed, you have to manually whitelist the file after the download to bypass the deletion by WD.

Masterain98 commented 7 months ago

Cloud detection is removed. However, it's still being detected in the client (definition version 1.409.328.0). On my local test device, it's marked as Trojan:Script/Wacatac.B!ml, same as last time.

Masterain98 commented 7 months ago

We have received a response from Microsoft to confirm the false detection has been removed.

github-actions[bot] commented 6 months ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related topic.