False? virus warning

[DolphineCZ]

I am getting ?false? virus warning on xmr-stack-win64

Windows Defender with repositiory as of 5.Apr 2018 reporting:

Trojan:Win32/Woreflint.A!cl in xmrstak_cuda_backend.dll Trojan:Win32/Fuery.A!cl in xmr-stak.exe

[mutl3y]

I have this as well so compiling my own

[Spudz76]

Jackhats use xmr-stak, and other miner exes, in worms and such for mining for free on other peoples equipment, so they have all been cataloged as garbage.

It is only to protect normal (?) users that do not intend to have mining software on their computer. Safe to ignore / whitelist it is purely a false notice by association because some people are doing it wrong.

[Jyewnidt]

man Windows defender is a real @$$, I've tried exempting the folder, the individual files, disabling WD completely. Still wont let me run it. It didn't bother @ all with my older versions... Been @ it for 60 mins now.

[psychocrypt]

It is working when you exclude a folder and download the zip directly into this folder.

[Jyewnidt]

Awesome, I did this, however when i attempted to extract it, i did get a message stating it was getting deleted, however it was not. Thank you!

[payomagic]

older versions were passing as clear / 21 secops progz are raising a flag now. Defender and 20 others cannot distinguish between a real malware and a "masked" copy.

The CPU.exe executable is actually a modified copy of the cpuminer mining program. This executable is ultimately launched by a scheduled task that will be created called Google_SU.

[scryptkyddy]

i recall seeing a registry script to disable/enable windows defender included with the nicehash miner legacy zip, you can find that by downloading "for amd" on nicehash's download site.