benrhughes / todotxt.net

An implementation of todo.txt for Windows using the .NET framework
http://benrhughes.github.io/todotxt.net/

Release 3.3.1 (Portable) detected as Trojan by Windows Defender #434

Open perroboc opened 2 years ago

perroboc commented 2 years ago

In Windows 10, I'm unable to download the portable version of release 3.3.1, because Windows Defender detects Trojan:Win32/Tisifi.RR!MTB in the binary file:

webfile: C:\Users\Álvaro\Downloads\todotxt-portable-3.3.1.zip|https://objects.githubusercontent.com/github-production-release-asset-2e65be/1613966/70d3f000-c899-11e9-8986-04513476f0f5?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T220304Z&X-Amz-Expires=300&X-Amz-Signature=de9c6c0406325908e8accf9506ab8c8218727a77ece0a06d02705cd9773f41be&X-Amz-SignedHeaders=host&actor_id=2722773&key_id=0&repo_id=1613966&response-content-disposition=attachment%3B%20filename%3Dtodotxt-portable-3.3.1.zip&response-content-type=application%2Foctet-stream|pid:15376,ProcessStart:132864985856192890

VirusTotal doesn't detect anything, nor does OPSwat.

CodeGrammer45 commented 2 years ago

Update 2022-04-12:

I got reached out to by the cyber team at my work about a malicious file on my computer. Decided to check the .exe for the latest release of todotxt.net, and both VirusTotal and OPSwat found potential malware.

Largo commented 2 years ago

Update: 2022-06-29: Windows Defender is not finding anything and only 2 minor anti-virus vendors detect the file, so it's safe to say that it is a false positive.

Boggin commented 2 years ago

> Update: 2022-06-29: Windows Defender is not finding anything and only 2 minor anti-virus vendors detect the file, so it's safe to say that it is a false positive.

Trojan:Win32/Tisifi.RR!MTB Windows Defender is flagging the release. @Largo, it was specifically mentioned in OP's report.

Largo commented 2 years ago

Strange. I confirmed with the hash that I downloaded the same release as OP and checked it locally with Windows Defender and re-uploaded it to VirusTotal. I'm using definitions 1.369.576.0 from 2022-07-01.

Maybe try submitting it to Submit a file for malware analysis - Microsoft Security Intelligence

Another project is facing a similar issue: https://github.com/gus33000/UUPMediaCreator/issues/18
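
The checks discussed in this thread (same file hash, local Windows Defender scan, definitions version) can be collected into one report that makes differing verdicts comparable. This is an added example, not part of the original thread or the project; the file path and the expected hash are placeholders to be replaced.

```powershell
# Added example: collect the facts needed to compare Defender verdicts between machines.
# $Path and $ExpectedSha256 are placeholders, not values taken from the thread.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\todotxt-portable-3.3.1.zip",
    [string]$ExpectedSha256 = '<SHA-256 shared by the reporter>'
)

# 1. Hash the artifact so everyone can confirm they are testing the same bytes.
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash
$sameFile = $hash -eq $ExpectedSha256    # string -eq is case-insensitive

# 2. Record engine and definition versions: verdicts change between updates,
#    so a result without these cannot be compared with someone else's.
$status = Get-MpComputerStatus

# 3. Scan only this file (runs synchronously).
Start-MpScan -ScanType CustomScan -ScanPath $Path

# 4. List detections whose resource strings mention this file name.
#    This also returns earlier detections of the same name, e.g. from the download.
$leaf = Split-Path -Path $Path -Leaf
$hits = Get-MpThreatDetection |
    Where-Object { ($_.Resources -join "`n") -like "*$leaf*" }
$names = foreach ($h in $hits) {
    (Get-MpThreat -ThreatID $h.ThreatID).ThreatName
}

# 5. One object that can be pasted into the issue as-is.
[pscustomobject]@{
    File             = $leaf
    Sha256           = $hash
    MatchesExpected  = $sameFile
    SignatureVersion = $status.AntivirusSignatureVersion
    SignatureUpdated = $status.AntivirusSignatureLastUpdated
    EngineVersion    = $status.AMEngineVersion
    Detections       = @($names | Sort-Object -Unique)
} | Format-List
```

If `Detections` is empty on one machine and not on another, compare `SignatureVersion` first before treating the result as a false positive or a real detection.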