fyr77 / EnvyUpdate

Small update checker application for NVIDIA GeForce GPUs
MIT License
137 stars 7 forks

EnvyUpdate detected as trojan by windows defender #34

Closed thaifoodninja closed 9 months ago

thaifoodninja commented 9 months ago

Windows has been repeatedly scrubbing EnvyUpdate from my machine: Trojan:Win32/Bearfoos.B!ml

VirusTotal does give some hits back as well: https://www.virustotal.com/gui/file/0203f52776e0b567b1816e44fb325c03f12f0221134e25f70ae7329f6643f80d

fyr77 commented 9 months ago

I am aware of this. I suppose I have to report it as a false positive to these antivirus vendors.

Generally, I can only tell you that EnvyUpdate is in fact not malicious. The source code is visible here and if one does not trust my compiled exe (which is fair), the code can be compiled directly from this source here.

But thank you for the information, I will get to work reporting the false positives when I get the time.

fyr77 commented 9 months ago

Alright, checking out the VirusTotal analysis, I noticed that my packing of the application with Costura seems to trip the detection. Unfortunately, I do not have another practical way to ship a single exe, so I will instead submit notices of false positives.

fyr77 commented 9 months ago

I have received an answer from Microsoft and they removed EnvyUpdate from their detection list. I will quote the answer I got here for future reference:

At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions.

  1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
  2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
  3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus

fyr77 commented 9 months ago

I will close this issue for now, it should be sufficiently dealt with. If you disagree, feel free to reopen it :)