iann0036 / iamlive

Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy
MIT License

Problem with Release 1.1.1 #67

Closed sun2151980 closed 11 months ago

sun2151980 commented 1 year ago

FYI - Release 1.1.1 is being flagged by Windows Defender as containing a threat (Trojan:Script/Wacatac.B!ml).

iann0036 commented 1 year ago

Hi @sun2151980,

Thanks for raising. I've put the Windows binaries for this release through VirusTotal and couldn't identify the threat myself. Could you indicate which exact file you downloaded, and also perhaps check the threat-indicated file? I believe you can do that by visiting:

Win + I (Settings) -> Privacy & security -> Windows Security -> Virus & threat protection -> Protection history and identify the flag. This should tell you the exact filename that was picked up.

sun2151980 commented 1 year ago

Hello @iann0036

I get the message from Windows Defender when I try to download 'iamlive-v1.1.1-windows-amd64.zip' from here: https://github.com/iann0036/iamlive/releases/download/v1.1.1/iamlive-v1.1.1-windows-amd64.zip

The message that I get is as attached (IAMLive_Defender_Download.jpg).

The entire message in Defender is also attached (IAMLive_Defender_Blocked_Message.jpg).

I am using Chrome on a Windows 10 Pro 22H2. (Note: I have no problems with release 1.1.0)

[Image: IAMLive_Defender_Download.jpg]

[Image: IAMLive_Defender_Blocked_Message.jpg]

iann0036 commented 1 year ago

Hey @sun2151980,

Appreciate that follow up. I still can't seem to identify why that file would be flagged.

The VirusTotal scan results turn up nothing, and I can't replicate on a Windows 11 box.

Even more interesting is that 1.1.0 is fine and 1.1.1 is flagged, as the only change between them is JSON files. Maybe there's a specific string that's freaking it out. You could run a go build yourself if you happen to have Go installed, otherwise I'll keep monitoring for other instances of this kind of report.

Future travellers: please do comment if you find the same thing on your machine.

iann0036 commented 1 year ago

@sun2151980, a slight update from Microsoft.

They request a breakdown using the following instructions:

From an elevated command prompt, change to directory "%programfiles%\windows defender" and execute mpcmdrun.exe with option GetFiles:

cd "%programfiles%\windows defender"
mpcmdrun.exe -GetFiles

If you feel comfortable sending the resulting MPSupportFiles.cab file to me directly (contact@ian.mn), I can follow up and chase up as needed. Otherwise you can probably submit it yourself via https://www.microsoft.com/en-us/wdsi/filesubmission

Thanks in advance for the help!
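As an added example (not from the issue or the iamlive project), the two steps above in PowerShell: find which Defender detection references the downloaded archive (the Protection history lookup from the earlier comment), then generate the MPSupportFiles.cab bundle. It assumes the built-in Defender PowerShell module and an elevated prompt; the filename pattern is constructed for the example.

```powershell
# Added example, not part of the original thread or the iamlive project.
# Assumes the Defender module (Get-MpThreat / Get-MpThreatDetection) and an elevated session.
$Pattern = 'iamlive'   # constructed: substring of the flagged download to look for

# Detection records carry file paths; threat records carry the threat name. Join them on ThreatID.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }

Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ' ') -match $Pattern } |
    ForEach-Object {
        [pscustomobject]@{
            Detected   = $_.InitialDetectionTime
            ThreatName = $threatNames[$_.ThreatID]   # e.g. the Wacatac name reported in the issue
            Resources  = ($_.Resources -join '; ')   # exact path(s) Defender acted on
            Process    = $_.ProcessName
        }
    } | Format-List

# Collect the support bundle Microsoft asked for (same as the cmd.exe steps above).
$mpcmd = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpcmd)) { throw "MpCmdRun.exe not found at $mpcmd" }
& $mpcmd -GetFiles
```

MpCmdRun reports where it wrote MPSupportFiles.cab; that file, together with the ThreatName and Resources values printed above, is what goes into the false-positive submission.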

sun2151980 commented 1 year ago

Hello Ian:

The MPSupportFiles.cab has been uploaded to MS. Details below:

File: mpsupportfiles.cab
Submission ID: 467ac995-703d-46ed-91d3-5349ddc2bb49
Status: Submitted
Submitted: Sep 20, 2023 8:56:21 PM
User Opinion: Incorrect detection

iann0036 commented 1 year ago

Thanks @sun2151980,

Keep me updated if you hear anything back.

sun2151980 commented 1 year ago

Hello @iann0036, it has been a good 3 weeks and I haven't heard anything back. Would the response be better if I sent you the .CAB to upload to MS?

iann0036 commented 1 year ago

Hey @sun2151980,

Sorry for the issues. I'm happy to try, but I'll likely have the same response as yourself.

You can reach me at github [at] ianmckay [dot] com [dot] au

iann0036 commented 12 months ago

Hey @sun2151980,

A quick note that a couple of releases have since been released. Let me know if this is still occurring for you.

sun2151980 commented 11 months ago

Hello @iann0036, I can confirm that the original problem no longer persists in 1.1.5. Thank you!!