fastfetch-cli / fastfetch

A maintained, feature-rich and performance oriented, neofetch like system information tool.
MIT License

Mistakenly Flagged as Trojan by Windows Defender #558

Closed Hekzory closed 1 year ago

Hekzory commented 1 year ago

Recently my fastfetch stopped working. After some checks I realised that the exe had been removed by Windows Defender as "Win32/Bearfoos.A!ml"; downloading the latest version from GitHub was also blocked until I got the program allowed in Defender's settings. I'm sure it's a false positive, but I still wanted to notify you and other users about the issue just in case. Interestingly, the flashfetch version is not flagged for some reason.
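A check worth running before calling a detection a false positive, as an added example that is not part of this issue: read the detection record from Defender's own history, hash the copy you actually have so a VirusTotal or Hybrid Analysis lookup refers to the same bytes, and only then exclude the install directory rather than weakening real-time protection. It uses the Defender cmdlets that ship with Windows 10/11; the install path is an assumption.

```powershell
# Added example (not from the issue thread). Requires the built-in Defender
# PowerShell module; run from an elevated prompt.
# The install path is an assumption; point it at your fastfetch.exe.
$ExePath = 'C:\tools\fastfetch\fastfetch.exe'

# 1. What did Defender record? Get-MpThreat lists the detected threats and
#    Get-MpThreatDetection the individual events (time, process) per ThreatID.
function Get-DefenderVerdict {
    param([string]$Pattern)
    foreach ($t in (Get-MpThreat | Where-Object { ($_.Resources -join ' ') -match $Pattern })) {
        $events = Get-MpThreatDetection | Where-Object { $_.ThreatID -eq $t.ThreatID }
        [pscustomobject]@{
            ThreatName = $t.ThreatName          # e.g. Win32/Bearfoos.A!ml ("!ml" = ML verdict)
            Severity   = $t.SeverityID
            Resources  = ($t.Resources -join '; ')
            FirstSeen  = ($events | Sort-Object InitialDetectionTime | Select-Object -First 1).InitialDetectionTime
            Events     = @($events).Count
        }
    }
}

Get-DefenderVerdict -Pattern 'fastfetch' | Format-List

# 2. Hash and inspect the file you still have (the quarantined copy may be gone),
#    so that any sandbox lookup is for exactly these bytes.
if (Test-Path $ExePath) {
    Get-FileHash -Path $ExePath -Algorithm SHA256 | Format-List Algorithm, Hash, Path
    Get-AuthenticodeSignature -FilePath $ExePath | Format-List Status, SignerCertificate
}

# 3. Only after the hash matches a release you trust: exclude the install
#    directory instead of turning real-time protection off.
#    Add-MpPreference -ExclusionPath (Split-Path $ExePath)
#    Get-MpPreference | Select-Object -ExpandProperty ExclusionPath
```

The exclusion line is left commented on purpose: an exclusion on a directory covers whatever is dropped there later, so it belongs on a path you control, not on a downloads folder.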

CarterLi commented 1 year ago

Well, I use Windows Defender too, and compile fastfetch many times per day. Windows Defender never reports fastfetch as a virus or trojan.

Hekzory commented 1 year ago

> Well, I use Windows Defender too, and compile fastfetch many times per day. Windows Defender never reports fastfetch as a virus or trojan.

Well, you recompiling it every day is literally the reason it is not detected: every change in the code, or even a change of compiler version or compiler options, changes the exe file, which helps keep Defender from flagging the program. Since there is no actual malicious intent in the code, it does not flag every version you recompile. Also, I got it literally yesterday after a Windows Defender update, so it may simply not have reached you yet, unless you also update your Windows every day.

Reyhn3 commented 1 year ago

I just had the same problem with CrowdStrike Falcon.

Update: FWIW, I submitted v2.0.5 to Hybrid Analysis, and it doesn't look good. Fastfetch gets a very low score for doing exactly what it is supposed to do.

https://www.hybrid-analysis.com/sample/ff28407e2db1e872047a681ffd9a5dfde877441d2e592c2b5a747a4cd1906e1d

Carterpersall commented 1 year ago

I have fastfetch in my PowerShell startup profile and can corroborate that Defender is flagging it as a trojan.

CarterLi commented 1 year ago

> Update: FWIW, I submitted v2.0.5 to Hybrid Analysis, and it doesn't look good. Fastfetch gets a very low score for doing exactly what it is supposed to do.
>
> https://www.hybrid-analysis.com/sample/ff28407e2db1e872047a681ffd9a5dfde877441d2e592c2b5a747a4cd1906e1d

This is very useful.

> Installs hooks/patches the running process

Well, I don't do that. The only similar thing is that fastfetch scans the loaded modules of cmd.exe to find out whether users are using clink:

https://github.com/fastfetch-cli/fastfetch/blob/dev/src/detection/terminalshell/terminalshell_windows.c#L142

As discussed here

> Contains ability to retrieve information about the current system

Correct

> Checks a device property (often used to detect VM artifacts)

Right

> Contains ability to terminate a process

Right, if a child process runs too long

> Found a reference to a WMI query string known to be used for VM detection

Right

Well, it does seem to be a trojan. I confess.
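To make concrete what "scans loaded modules of cmd.exe" amounts to, here is an added PowerShell illustration, not fastfetch's own code: it walks the parent-process chain from the current session (the way a fetch tool locates the shell and terminal it was launched from) and, for any cmd.exe ancestor, reads that process's module list looking for clink. Everything here is a read of process metadata; nothing is injected, hooked or patched, which is the distinction the sandbox heuristic does not make. The depth limit and the module name pattern are assumptions.

```powershell
# Added illustration (not the project's code): find the shell that launched us
# and check whether a cmd.exe ancestor has clink loaded, read-only.
function Get-ParentChain {
    param([int]$StartPid = $PID, [int]$MaxDepth = 8)   # depth limit is an assumption
    $chain = @()
    $cur = Get-CimInstance Win32_Process -Filter "ProcessId = $StartPid"
    while ($cur -and $chain.Count -lt $MaxDepth) {
        $chain += $cur
        $parentId = $cur.ParentProcessId
        $cur = Get-CimInstance Win32_Process -Filter "ProcessId = $parentId"
        # Guard against PID reuse: a real parent is never younger than its child.
        if ($cur -and $cur.CreationDate -gt $chain[-1].CreationDate) { break }
    }
    return $chain
}

function Test-ClinkLoaded {
    param([System.Diagnostics.Process]$Proc)
    try {
        # Enumerating Modules is the "inspects loaded modules" behaviour a sandbox
        # reports; it reads the module list and writes nothing into the process.
        return [bool]($Proc.Modules | Where-Object { $_.ModuleName -like 'clink*' })
    } catch {
        # Access denied (elevated/protected process) or 32/64-bit mismatch: treat as not loaded.
        return $false
    }
}

foreach ($p in (Get-ParentChain)) {
    $line = '{0,6} {1}' -f $p.ProcessId, $p.Name
    if ($p.Name -ieq 'cmd.exe') {
        $proc = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
        if ($proc -and (Test-ClinkLoaded $proc)) { $line += '  (clink loaded)' }
    }
    $line
}
```

Run it from a cmd.exe session that started PowerShell to see the cmd.exe ancestor listed, with "(clink loaded)" appended only when clink's DLL is present in that process.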

alessandromrc commented 7 months ago

> Well, I use Windows Defender too, and compile fastfetch many times per day. Windows Defender never reports fastfetch as a virus or trojan.

Windows generally doesn't flag what you compile on the same machine.

theofficialgman commented 5 months ago

@CarterLi, you should be signing your Windows releases (see https://github.com/PrismLauncher/PrismLauncher/pull/865 for an example of doing that in GitHub Actions) so that you can build up your SmartScreen reputation with your certificate. This will eventually prevent Windows Defender from flagging it as a trojan.

some info on that https://stackoverflow.com/questions/77101110/smartscreen-still-gives-warning-with-ev-code-signing-certificate
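The signing step suggested above, as an added example rather than anything the project ships: sign the release binary with signtool from the Windows SDK and verify the result with Get-AuthenticodeSignature. The certificate thumbprint, the timestamp server URL and the file path are placeholders and assumptions; the certificate itself still has to be obtained separately.

```powershell
# Added example (not from the project). Assumes signtool.exe (Windows SDK) is on
# PATH and a code-signing certificate with a private key is in CurrentUser\My.
# Thumbprint, timestamp URL and path are placeholders.
$Exe          = '.\fastfetch.exe'
$Thumbprint   = '<YOUR-CERT-THUMBPRINT>'
$TimestampUrl = 'http://timestamp.digicert.com'   # any RFC 3161 responder works

function Get-SignatureReport {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File      = $Path
        Status    = $sig.Status                      # NotSigned, Valid, HashMismatch, ...
        Signer    = if ($sig.SignerCertificate)      { $sig.SignerCertificate.Subject }      else { $null }
        Timestamp = if ($sig.TimeStamperCertificate) { $sig.TimeStamperCertificate.Subject } else { $null }
        SHA256    = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

# 1. Before: an unsigned release reports Status = NotSigned.
Get-SignatureReport $Exe | Format-List

# 2. Sign with a SHA-256 file digest and an RFC 3161 timestamp so the
#    signature remains valid after the certificate itself expires.
& signtool.exe sign /fd SHA256 /sha1 $Thumbprint /tr $TimestampUrl /td SHA256 $Exe
if ($LASTEXITCODE -ne 0) { throw "signtool failed with exit code $LASTEXITCODE" }

# 3. After: Status must be Valid and Signer must name your certificate.
$report = Get-SignatureReport $Exe
$report | Format-List
if ($report.Status -ne 'Valid') { throw "Signature check failed: $($report.Status)" }
```

Note that the SHA256 in the report changes after signing, because the signature is embedded in the PE; publish the hash of the signed file. SmartScreen reputation and a Defender antivirus detection such as the "!ml" verdict earlier in this thread are separate systems: a signature does not by itself clear an existing AV detection, which goes through Microsoft's false-positive submission process.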

CarterLi commented 5 months ago

Good idea! Then where can I get the money for buying the EV certificate?