LostRuins / koboldcpp

A simple one-file way to run various GGML and GGUF models with KoboldAI's UI
https://github.com/lostruins/koboldcpp
GNU Affero General Public License v3.0

koboldcpp-1.63 :: Trojan:Win32/Sabsik.FL.A!ml #795

Closed avocco closed 2 months ago

avocco commented 2 months ago

Can someone else download the latest koboldcpp.exe (1.63) for Windows and see if they get the same warning popping up? I did a full system scan to ensure it wasn't my computer that infected the file. So far any other .exe file I download is clear; only this latest release is flagging on Windows Defender.

loafylemon commented 2 months ago

Any detection with the suffix !ml indicates a machine learning detection, which doesn't necessarily mean it is an actual virus. It could just be code that's too similar to a known virus. In my experience, Windows Defender is notorious for this; it has flagged my own code as malicious multiple times, and this seems to be another instance of the same issue.

There's also an edit on the release page that mentions this:

Edit: Something seems to be flagging the CI built binary on windows defender. Replaced it with a locally built one until I can figure it out.
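A triage helper for the `!ml` suffix discussed in the comment above, as an added example that is not part of the original thread or the koboldcpp project. It assumes the `Type:Platform/Family.Variant!suffix` layout seen in the issue title; the function names and the `ExampleFam` sample names are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Assumed layout, inferred from the name in the issue title:
#   Type:Platform/Family[.Variant][!suffix]
NAME_RE = re.compile(
    r"^(?P<type>[A-Za-z]+):(?P<platform>[A-Za-z0-9_]+)/"
    r"(?P<family>[A-Za-z0-9_\-]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9.]+))?"
    r"(?:!(?P<suffix>[A-Za-z0-9]+))?$"
)

class Detection(NamedTuple):
    type: str
    platform: str
    family: str
    variant: Optional[str]
    suffix: Optional[str]

def parse_detection(name: str) -> Optional[Detection]:
    """Split a Defender detection name into its parts, or None if malformed."""
    m = NAME_RE.match(name.strip())
    return Detection(**m.groupdict()) if m else None

def triage(names):
    """Bucket names: 'ml' = machine-learning verdict (needs vendor review,
    not proof of a clean file), 'other' = any other verdict, 'unparsed'."""
    buckets = {"ml": [], "other": [], "unparsed": []}
    for name in names:
        det = parse_detection(name)
        if det is None:
            buckets["unparsed"].append(name)
        elif (det.suffix or "").lower() == "ml":
            buckets["ml"].append(name)
        else:
            buckets["other"].append(name)
    return buckets

SAMPLES = [
    "Trojan:Win32/Sabsik.FL.A!ml",  # from the issue title
    "Trojan:Win32/ExampleFam.A",    # constructed sample
    "Backdoor:Win64/ExampleFam",    # constructed sample
    "not a detection name",         # constructed sample
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLES).items():
        print(bucket, items)
```

The `ml` bucket only marks alerts worth submitting to the vendor for review, as was done in this thread; it does not clear the file.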

avocco commented 2 months ago

Don't know how I missed the Edit, guess I was too eager to test out Llama 3. Should I close this issue or leave it open to prevent anyone else from opening a duplicate request?

henk717 commented 2 months ago

Nothing we can do about it on our side, but it's been submitted to Microsoft for review. Since it's the weekend, that can sometimes take a few days for them to clear on their end. It's been a while since they last had a false positive on our software and it didn't happen on the PC of Lostruins, so it caught us off guard. The file is clean, but if you want confirmation of that you will have to wait until Microsoft confirms this.

Feel free to leave the issue open so other people can see my reply, until the false positive is removed by Microsoft.

As loafy is saying, Windows Defender is very eager to flag any sort of self-extraction technology. Koboldcpp extracts DLL files it uses to the temp directory, and occasionally that is enough to trip Defender.

Vladonai commented 2 months ago

Windows Defender has stopped detecting the threat in koboldcpp.exe. The topic can be closed.