LGUG2Z / komorebi

A tiling window manager for Windows 🍉
https://lgug2z.github.io/komorebi/

[BUG]: Potential false-positive malware detection in 0.1.24 komorebic.exe and komorebic-no-console.exe #786

Closed maunzCache closed 7 months ago

maunzCache commented 7 months ago

Describe the bug My employee notified me that there was a security alert for komorebic.exe and komorebic-no-console.exe when setting the autostart via komorebic enable-autostart --whkd.

The hash associated with the file is reported as malicious by major OSINT sources, reporting it as "W64.AIDetectMalware" and "Malicious". The command involved appears to be related to creating a shortcut on the system using the path and arguments specified via the SHORTCUT_PATH, TARGET_PATH, and TARGET_ARGS environment variables. This can be useful for automating link creation via PowerShell scripts.

We recommend contacting the user in question to establish the legality of this activity and carrying out a scan on the host. If it is not recognised, it is possible to proceed with cleaning the machine and proceeding with manual deletion of the file.

There are just a few hits on VirusTotal

scoop.sh version

Edit: Same results for the winget version

To Reproduce Steps to reproduce the behavior:

  1. Install from scoop (scoop.sh) via the guide at https://lgug2z.github.io/komorebi/installation.html#scoop
  2. Run komorebic enable-autostart --whkd from Powershell

Expected behavior Everything is just fine.

Screenshots and Videos ~Add screenshots and videos to help explain your problem.~

Operating System

OS Name:                   Microsoft Windows 11 Pro
OS Version:                10.0.22631 Not applicable Build 22631

komorebic check Output

No KOMOREBI_CONFIG_HOME detected, defaulting to C:\Users\github-user

Looking for configuration files in C:\Users\github-user

Found komorebi.json; this file can be passed to the start command with the --config flag

Found C:\Users\github-user\.config\whkdrc; key bindings will be loaded from here when whkd is started, and you can start it automatically using the --whkd flag

Additional context I don't think this is an actual issue but a few vendors marking this as trojan. ~However, it should be checked if the scoop version of komorebi was poisoned or not. I did not check this yet.~

LGUG2Z commented 7 months ago

Unfortunately every few versions we get these false-positive alerts and have to submit the file to the Windows Defender website for the binaries to be manually checked before they are approved.

There is just no capacity to deal with false positives which do not block installations from WinGet, and even those I would not deal with if it were not for its popularity as a distribution platform.

If you have employees using this software in a professional setting and it is (hopefully!) improving their productivity, a great way for any company to support the project at this point would be to identify a code signing certificate that meets their needs and then to make a donation to cover the cost of purchase for N years.
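The reporter mentions, but did not run, a check on whether the installed binaries were tampered with, and the maintainer's reply is about code signing. The script below is an added PowerShell example, not code from this thread or from the komorebi project, that does the two checks a practitioner would want before trusting or deleting a flagged file: it hashes the two binaries the scanner named and reports their Authenticode status. It assumes a scoop installation (so `scoop prefix komorebi` prints the app directory; winget users pass -AppDir) and it assumes you fill the $ExpectedSha256 table from a release you trust; the values shown are placeholders, not real hashes.

```powershell
# Added example (not komorebi project code): verify the binaries a scanner
# flagged before deciding whether the alert is a false positive.
# Assumptions: komorebi was installed with scoop, so `scoop prefix komorebi`
# prints the app directory; $ExpectedSha256 holds hashes you copied from a
# release you trust (the values below are placeholders, not real hashes).

param(
    [string] $AppDir = (scoop prefix komorebi),
    [hashtable] $ExpectedSha256 = @{
        'komorebic.exe'            = '<sha256 from the trusted release>'
        'komorebic-no-console.exe' = '<sha256 from the trusted release>'
    }
)

foreach ($name in $ExpectedSha256.Keys) {
    $path = Join-Path $AppDir $name
    if (-not (Test-Path $path)) {
        Write-Warning "$name not found in $AppDir"
        continue
    }

    # 1. Hash the file locally. Looking the hash up on VirusTotal (URL below)
    #    avoids uploading the binary itself, so nothing leaves the host.
    $hash  = (Get-FileHash -Path $path -Algorithm SHA256).Hash.ToLowerInvariant()
    $match = if ($hash -eq $ExpectedSha256[$name].ToLowerInvariant()) { 'matches' } else { 'DOES NOT MATCH' }

    # 2. Authenticode status. An unsigned build reports NotSigned (the situation
    #    in this thread); a signed build that was modified reports HashMismatch.
    $sig = Get-AuthenticodeSignature -FilePath $path

    [pscustomobject]@{
        File      = $name
        SHA256    = $hash
        Expected  = $match
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        Lookup    = "https://www.virustotal.com/gui/file/$hash"
    }
}
```

Run it from the PowerShell session you would otherwise run `komorebic enable-autostart --whkd` from; for a winget installation pass `-AppDir` with the directory that contains komorebic.exe. A hash that matches the trusted release plus a NotSigned status is consistent with the false positive described above; a hash that does not match is the case where a scan of the host is actually warranted.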

maunzCache commented 7 months ago

I am sorry to hear that and must admit that I didn't do research on closed issues to find a similar case as this one.

Let me close this issue then. I will be able to solve my issues behind the curtains of my company.

Thank you for developing komorebi and taking your time into answering these issues.