grafana / alloy

OpenTelemetry Collector distribution with programmable pipelines
https://grafana.com/oss/alloy
Apache License 2.0

Windows Service Detected as PossibleThreat.DU #1811

Open davideverall opened 1 month ago

davideverall commented 1 month ago

What's wrong?

Our FortiClient AV client has detected alloy-service-windows-amd64.exe as PossibleThreat.DU.

If we wanted to use Alloy solely for log ingestion, would setting these installer flags achieve that?

/DISABLEREPORTING=yes /DISABLEPROFILING=yes

We suspect it could be the profiling/telemetry that has triggered the detection.

VirusTotal detection page: https://www.virustotal.com/gui/file/2473adf82c4bacd129140f6361e46ea173e8bb7baf2f20466ac12ac65ddf7bd2/detection

Steps to reproduce

System information

Windows Server 2019

Software version

Grafana Alloy 1.4.1

Configuration

No response

Logs

No response

github-actions[bot] commented 3 weeks ago

This issue has not had any activity in the past 30 days, so the needs-attention label has been added to it. If the opened issue is a bug, check to see if a newer release fixed your issue. If it is no longer relevant, please feel free to close this issue. The needs-attention label signals to maintainers that something has fallen through the cracks. No action is needed by you; your issue will be kept open and you do not have to respond to this comment. The label will be removed the next time this job runs if there is new activity. Thank you for your contributions!