JayBizzle / Crawler-Detect

🕷 CrawlerDetect is a PHP class for detecting bots/crawlers/spiders via the user agent
https://crawlerdetect.io
MIT License

Detected as Trojan:Script/Cloxer.A!cl #291

Closed alexhampu closed 6 years ago

alexhampu commented 6 years ago

For some reason Windows Defender marks one file as a trojan.


file: vendor\jaybizzle\crawler-detect\src\Fixtures\Crawlers.php

JayBizzle commented 6 years ago

Weird. Do you have any theories as to why this may be happening?

alexhampu commented 6 years ago

I have no idea, this package is a dependency in the new Laravel 5.7 version, and when doing composer install, it just pops up. This is really weird as the file only contains an array of strings, nothing special, but because of that I cannot install it without marking the directory in the exception list.

Later Edit: VirusTotal doesn't find anything special about it: https://www.virustotal.com/#/file/6c16d5af5c8abb99ffbb862d4c71c674aec1dad8cbee65c106ff35fab3989a58/detection

Defender might be upset because of some string that it finds inside it.

JayBizzle commented 6 years ago

Ummmm....perhaps is it one of the strings in that array flagging it?

I don't have a Windows machine to test. If you had the time, you could try removing some of the regexes and keep going until it is no longer flagged to find the culprit. Then we could come up with a solution 👍

alexhampu commented 6 years ago

> Ummmm....perhaps is it one of the strings in that array flagging it?
>
> I don't have a Windows machine to test. If you had the time, you could try removing some of the regexes and keep going until it is no longer flagged to find the culprit. Then we could come up with a solution 👍

Yeah, sure. I will try to do this today and if I find it, I will make a PR.

alexhampu commented 6 years ago

The issue is caused by the first string:

'.*Java.*outbrain',

once removed, it's not flagged anymore.

JayBizzle commented 6 years ago

Good work. I wonder if there is anything in particular within that string that is the issue? What happens if you just remove outbrain?

alexhampu commented 6 years ago

I was playing with it, but after changing the name of the file, it started to detect it again, so there is still something affecting it.

JanKrohn-Khalibre commented 6 years ago

I had this issue with my own application. The developer needs to submit it to Microsoft as a false positive. It takes about a day or so to get removed. https://www.microsoft.com/en-us/wdsi/filesubmission?persona=SoftwareDeveloper

alexhampu commented 6 years ago

@JanKrohn-Khalibre I think that's the best solution, otherwise other issues may be found in the file.

JayBizzle commented 6 years ago

Submitted to Microsoft. Thanks @JanKrohn-Khalibre

Will keep you updated on the result

JayBizzle commented 6 years ago

Response already...

Thank you for your inquiry.

We have reviewed the file and we have removed the detection.

Please try the following steps to clear cached detections and obtain the latest malware definitions.

  1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
  2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”

The latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Best regards, Windows Defender Response

alexhampu commented 6 years ago

For the moment it's not picking up the update, but I think this takes a little time.

.\MpCmdRun.exe -SignatureUpdate
Signature update started . . .
Signature update finished. No updates needed

I think this issue can be closed now. Thank you for your time!
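The clean-up steps in the Defender Response mail above, plus the signature-update check from this comment, as one added verification script (not code from the issue thread or the Crawler-Detect project). It assumes an elevated PowerShell on Windows with the Defender module, a project checkout at the hypothetical `$File` path, and that `MpCmdRun.exe` exits 0 for a clean custom scan and 2 when a threat is found.

```powershell
# Added example, not code from the issue thread or the Crawler-Detect project.
# Verifies that a Defender false positive is really gone once Microsoft has
# removed the detection: clear cached signatures, update, rescan the one file.
# Assumptions: elevated PowerShell on Windows with the Defender module, and the
# package checked out at $File (hypothetical path; adjust to your project).
$File     = 'C:\projects\myapp\vendor\jaybizzle\crawler-detect\src\Fixtures\Crawlers.php'
$MpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
$started  = Get-Date

# 1. Record the signature version so a successful update is visible.
$before = Get-MpComputerStatus
"Before: signatures $($before.AntivirusSignatureVersion) updated $($before.AntivirusSignatureLastUpdated)"

# 2. The steps from the Defender Response mail: drop cached dynamic signatures,
#    then fetch the latest definitions.
& $MpCmdRun -RemoveDefinitions -DynamicSignatures | Out-Null
Update-MpSignature

$after = Get-MpComputerStatus
"After:  signatures $($after.AntivirusSignatureVersion) updated $($after.AntivirusSignatureLastUpdated)"
if ($after.AntivirusSignatureVersion -eq $before.AntivirusSignatureVersion) {
    Write-Warning 'Signature version unchanged; the fix may not have propagated yet.'
}

# 3. If the directory was excluded as a workaround, the exclusion would hide the
#    file from the scan, so drop it first. (If the detection is still live, the
#    file will be quarantined, so run this on a disposable checkout.)
$excluded = (Get-MpPreference).ExclusionPath | Where-Object { $File -like "$_*" }
if ($excluded) {
    "Removing exclusion(s): $($excluded -join ', ')"
    Remove-MpPreference -ExclusionPath $excluded
}

# 4. Custom scan of just that file. MpCmdRun exits 0 when clean, 2 when a threat was found.
& $MpCmdRun -Scan -ScanType 3 -File $File | Out-Null
$scanExit = $LASTEXITCODE

# 5. Cross-check the detection history for new hits on this path since we started.
$newHits = Get-MpThreatDetection -ErrorAction SilentlyContinue |
    Where-Object { $_.InitialDetectionTime -gt $started -and ($_.Resources -join ' ') -like '*Crawlers.php*' }

if ($scanExit -eq 0 -and -not $newHits) {
    "Clean: $File is no longer detected with signatures $($after.AntivirusSignatureVersion)"
} else {
    Write-Warning "Still detected (exit $scanExit); keep the workaround and re-check after the next update."
    $newHits | Select-Object ThreatID, InitialDetectionTime, Resources | Format-List
}
```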

JayBizzle commented 6 years ago

Okay, if you can check in a day or 2 and report back, that would be great, thanks!

alexhampu commented 6 years ago

> Okay, if you can check in a day or 2 and report back, that would be great, thanks!

Sure, I will keep an eye on it.

alexhampu commented 6 years ago

A few updates have been released, one of them fixed it. Thank you for your time.

Best regards, Alex.