Michael-wigontherun / ESLifyEverything

https://www.nexusmods.com/skyrimspecialedition/mods/75248
27 stars, 4 forks

What is Wacatac.B!ml #21

Open ChromesDuzez opened 11 months ago

ChromesDuzez commented 11 months ago

When downloading ESLifyEverything.rar v4.10.0, Windows Defender gets a hit on a script identified as Wacatac.B!ml and thinks it is a Trojan. What is this file? Where does it come from in the project? And what does it do?

ChromesDuzez commented 11 months ago

@Michael-wigontherun, got any information on this file, and why it's getting pinged by Microsoft?

Michael-wigontherun commented 11 months ago

It's a known thing. As a fail-safe for decompiling and recompiling scripts, it needs to start and restart Champollion and the Papyrus compiler to successfully, or rather reliably, tell whether a script can or cannot be recompiled using the decompiled code.

At least that's the only thing I can think of as why it gets flagged.

There are tons of people whose Windows antivirus, or whatever antivirus they use, flags it.

ChromesDuzez commented 11 months ago

Ok, thank you! Might be good to leave this up for people to see, so if they are curious they can refer to this.

Chigusa0w0 commented 10 months ago

The VirusTotal result is quite unsound: 31/72 virus scanners believe there is some sort of trojan inside the main executable file, and 26/60 believe there is some inside the release zip.

A deeper look into the Behavior tab of the main exe reveals some patterns that triggered the alarm: Change PowerShell Policies & CLOP Ransomware.

For the pwsh policy, I believe the trigger is ESLifyEverything\BSABrowser\System.Management.Automation.dll in the release zip. I have the original BSA Browser installed. Not sure why it triggers the alarm for this project but not for BSAB.

For CLOP, I do see a mention of notepad++.exe in ESLifyEverything\Test\TestMethods.cs in this repo, which could be the reason that triggers the alarm. Maybe you can try removing the line and see if it helps.
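For anyone who lands here with the same Defender hit, the following PowerShell snippet is an added example for triaging it; it is not code from this thread or from the ESLifyEverything project. The "!ml" suffix in the threat name (the full Defender name is Trojan:Win32/Wacatac.B!ml) marks a machine-learning heuristic verdict rather than a signature match, which is exactly the kind of detection a process-restarting tool with an embedded PowerShell assembly can trip. The archive path in `$archive` is an assumption; adjust it to wherever the download landed. The cmdlets used (`Get-FileHash`, `Get-MpThreatDetection`, `Get-MpThreat`) ship with Windows; `MpCmdRun.exe` is Defender's own command-line tool.

```powershell
# Added example (not part of the ESLifyEverything project): find out exactly what
# Defender flagged in a downloaded release archive before deciding it is a false positive.

# Assumed download location; change to the real path of the flagged archive.
$archive = "$env:USERPROFILE\Downloads\ESLifyEverything.rar"

# 1. Hash the exact bytes that were flagged. A SHA-256 lets you look the file up on
#    VirusTotal without uploading it, and lets the maintainer confirm it matches the
#    release they published rather than a tampered copy.
Get-FileHash -Algorithm SHA256 -Path $archive | Format-List Algorithm, Hash, Path

# 2. Pull Defender's own detection record for that file. Resources lists the file
#    (or the member inside the archive) that triggered; ProcessName shows which
#    process touched it; ActionSuccess shows whether quarantine/removal happened.
$hits = Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($archive) }

if (-not $hits) {
    Write-Host "No Defender detection recorded for $archive (check the path)."
} else {
    $hits | Select-Object InitialDetectionTime, ThreatID, ActionSuccess, ProcessName, Resources |
        Format-List
}

# 3. Map the numeric ThreatID from step 2 to its name, severity and category.
#    For this issue the ThreatName should read Trojan:Win32/Wacatac.B!ml.
Get-MpThreat | Select-Object ThreatID, ThreatName, SeverityID, CategoryID | Format-Table -AutoSize

# 4. List what is sitting in quarantine. If you decide the verdict is wrong, restore
#    only that item (MpCmdRun.exe -Restore -Name <ThreatName>) rather than adding a
#    blanket folder exclusion, which would also hide a real trojan dropped there later.
& "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll
```

Run it in an elevated PowerShell session: `Get-MpThreatDetection` and `MpCmdRun.exe -Restore` need administrator rights. Step 2 is the one that answers the original question, "what is this file?": Defender records the member path inside the archive, so you can see whether it objected to the main executable, to the bundled System.Management.Automation.dll, or to something else entirely.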