Closed adic3x closed 7 months ago
I just got the same...
Same here
I've updated the MSAV, and the problem remains. Does this file present a real threat or is it a false positive?
This is a false positive. This is https://github.com/golang/vscode-go/blob/master/vscgo/main.go and also see https://go.dev/doc/faq#virus.
Question for Windows users: An alternative I am thinking of is to package a precompiled binary with the extension, instead of letting the extension install the binary using go install when getting activated. But it is unclear to me if that's sufficient to make those virus scanners silent. As far as I know other extensions also bundle go binaries, for example GH copilot or google cloud code. Have the virus scanners complained about them?
Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.405.308.0) fixes this issue, so it really looks like a false positive.
From the beginning I thought it was more likely an M$ problem. Anyway it would be nice if the golang developer team and M$ both collaborated to avoid false positives without compromising the security of the system.
@hyangah, thanks for the quick response. I think everyone here was suspecting a false positive, but we needed someone to check and confirm :)
> But it is unclear to me if that's sufficient to make those virus scanners silent
Not sure either - most likely the presence/use of the binary is the trigger, not the way it was delivered...
I'm getting this, which I guess is related. However, I don't know if it's due to some corporate policy:
> Question for Windows users: An alternative I am thinking of is to package a precompiled binary with the extension, instead of letting the extension install the binary using go install when getting activated. But it is unclear to me if that's sufficient to make those virus scanners silent.
This will help lower the chances of a false positive. MS Defender doesn't like applications that install software without user interaction.
> Question for Windows users: An alternative I am thinking of is to package a precompiled binary with the extension
This, coupled with signing the binary with a code signing certificate, would be the best bet: most anti-malware solutions attach reputation to both the file hash (which will vary by release) and the certificate used to sign it (which will vary much more rarely), so code signing any PEs is a really good way of avoiding reputation-based false positives.
(Sadly it does come with a financial cost for the certificate, though - there's no equivalent of Let's Encrypt for code signing certs - yet!)
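One way to triage a detection like this on your own machine, tying together the hash-based reputation described above and the earlier pointer to the vscgo source: hash the flagged file and read the build info the Go linker embedded in it. This is an added example, not code from the thread or from the vscode-go project; `Inspect`, `Report` and the expected module path (inferred from the repository URL quoted in the thread) are assumptions.

```go
package main

import (
	"crypto/sha256"
	"debug/buildinfo"
	"encoding/hex"
	"fmt"
	"os"
	"strings"
)

// Report is what a responder would record for a flagged Go binary.
type Report struct {
	SHA256    string // per-file identity; differs for every build and release
	GoVersion string // toolchain recorded by the linker
	Path      string // import path of the main package
	Version   string // main module version, when stamped
	Expected  bool   // Path equals or sits under the expected module path
}

// Inspect hashes the file and reads the build info the Go linker embeds.
// Build info is self-declared metadata: a match is a consistency check
// to pair with the hash, not proof of origin.
func Inspect(file, wantModule string) (Report, error) {
	data, err := os.ReadFile(file)
	if err != nil {
		return Report{}, err
	}
	sum := sha256.Sum256(data)
	bi, err := buildinfo.ReadFile(file)
	if err != nil {
		return Report{}, fmt.Errorf("no Go build info in %s: %w", file, err)
	}
	ok := bi.Path == wantModule || strings.HasPrefix(bi.Path, wantModule+"/")
	return Report{hex.EncodeToString(sum[:]), bi.GoVersion, bi.Path, bi.Main.Version, ok}, nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: inspect <binary>")
		os.Exit(2)
	}
	// Assumption: module path inferred from the repository URL quoted in the thread.
	r, err := Inspect(os.Args[1], "github.com/golang/vscode-go")
	fmt.Printf("%+v\nerror: %v\n", r, err)
}
```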
Change https://go.dev/cl/565679 mentions this issue: extension/src/goMain: skip vscgo installation on windows
Change https://go.dev/cl/565680 mentions this issue: [release] extension/src/goMain: skip vscgo installation on windows
We are going to release v0.41.1 tomorrow. The version disables vscgo invocation on Windows.
Release candidate - https://github.com/golang/vscode-go/releases/tag/v0.41.1-rc.1
Thanks for reporting and investigating this issue.
Extension installed from VS Code downloaded from official site (https://code.visualstudio.com/)
*:\Users***.vscode\extensions\golang.go-0.41.0\bin\vscgo.exe (MD5 c93025a0a7a7ac3db48a0333af22fd0e)
Detected: Trojan:Win32/Wacatac.B!ml
Cool.