GCuser99 / SeleniumVBA

A comprehensive Selenium wrapper for browser automation developed for MS Office VBA running in Windows
MIT License
89 stars 18 forks

Selenium.xlam blocked by Defender #89

Closed 6DiegoDiego9 closed 1 year ago

6DiegoDiego9 commented 1 year ago

Today my attempts to download Selenium.xlam or the whole repository in ZIP format get blocked by Defender:

[image]

Link: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AScript%2FWacatac.H!ml&threatid=2147814524

My version:

[image]

Does it happen to you too?

GCuser99 commented 1 year ago

Yes - same happening to me. Scanning with MalwareBytes results in no detection. Likely a false positive, but I submitted the SeleniumVBA.xlam file to Microsoft for further determination. Will let you know the results when I get them...

GCuser99 commented 1 year ago

I have not received the Microsoft analysis back yet, but it looked like the file scanned negative by their cloud scanner, as part of the submission process.

I just updated Defender's security intelligence on my machine to v1.399.1471.0 and rescanned the xlam file in my GitHub desktop - no problems. I then tried downloading both the xlam and the release asset zip files from our GitHub repo and had no problem downloading. So presumably the false positive has been fixed in the latest version of Defender intelligence...? Can you update intelligence and try again? Thx.
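The update-and-rescan check described in the comment above, as an added PowerShell example that is not part of the original thread or the SeleniumVBA project. The file path is a hypothetical local copy of the add-in, and the version threshold is the one quoted in that comment.

```powershell
# Added example. $Path is a hypothetical local copy of the add-in;
# 1.399.1471.0 is the intelligence version quoted in the comment above.
param(
    [string]$Path = '.\SeleniumVBA.xlam',
    [version]$MinIntelligence = '1.399.1471.0'
)

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found (it may have been quarantined on download): $Path"
}
$file = (Resolve-Path -LiteralPath $Path).Path

# Record exactly which build is being tested, so the scan result can be
# tied to one specific file when reporting a false positive.
$hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash

# Pull the latest security intelligence, then read back what is installed.
Update-MpSignature
$status    = Get-MpComputerStatus
$installed = [version]$status.AntivirusSignatureVersion
if ($installed -lt $MinIntelligence) {
    Write-Warning "Intelligence $installed is older than $MinIntelligence; the update may not have applied."
}

# Scan only this file, and consider only detections raised after the
# scan started, so older cached detections do not count as a new hit.
$started = Get-Date
Start-MpScan -ScanType CustomScan -ScanPath $file
$hits = Get-MpThreatDetection | Where-Object {
    $_.InitialDetectionTime -ge $started -and
    ($_.Resources -match [regex]::Escape($file))
}

# One summary object: which file, which intelligence, and the verdict.
[pscustomobject]@{
    File         = $file
    SHA256       = $hash
    Intelligence = $installed
    Updated      = $status.AntivirusSignatureLastUpdated
    Detected     = [bool]$hits
    Threats      = @($hits | ForEach-Object {
                       (Get-MpThreat -ThreatID $_.ThreatID).ThreatName
                   }) -join ', '
}
```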

6DiegoDiego9 commented 1 year ago

I just manually called an update of Windows Defender and now it passes for me too! [image] [image]

A pass on VirusTotal shows the keywords "download" and "heuristics" [image]

That makes me suspect that they may be (too) sensitive to our automatic download from the web (and execution) of the webdriver executable, without considering that we're just taking the official files from official Google/Microsoft/Mozilla servers: [image]

I saw that other security people had problems with the Google domain "gvt1.com" and antiviruses. Could this be it? We'll likely never know... :-)

6DiegoDiego9 commented 1 year ago

Closed (fixed by Microsoft)

GCuser99 commented 1 year ago

MS submission report Analyst comments:

At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions.