imchillin / Anamnesis

A standalone tool that allows the user a greater degree of flexibility for making creative and interesting screenshots.
MIT License

Windows Security is identifying several of the images in the gallery as a virus #1350

Closed daedreaming closed 2 months ago

daedreaming commented 7 months ago

Describe the bug: Several of the images in the gallery feature are identified by Windows Security as having Trojan:Win32/Casdet!rfn and get quarantined immediately.

To Reproduce: Use Windows Security, latest version, on latest Windows 11. Open Anamnesis on the front page with the gallery set to rotate images. Security blocks some (but not all) of them for the above virus.

Repeatability: Every time.

Expected behaviour: Images to not get identified as infected with a trojan?

Maybe a false positive but just making it noted since it scared me. 👍

Counterpoint-Storm commented 7 months ago

Can confirm this is happening to me as well. Same trojan, same method of reproduction and repeatability.

Not sure if it's a false positive or not but it has me scanning my system trying to find out.

lilybunne commented 7 months ago

Likewise, the moment I open up Anamnesis, Windows Defender starts repeatedly providing notifications about trojans in the imagecache folder.

StoiaCode commented 7 months ago

In order to get it to stop, please disable the curated gallery in settings.

Anamnesis and Windows Defender

TL;DR: Yes, it's a false flag. Please add an exception for Anamnesis as described here: https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-47e4-c301afe13b26

Hey! It's that time of the year again, and Windows Defender has recently gotten an update that, once again, flags Anamnesis as a potentially dangerous application. As every time this has been the case, Anamnesis hasn't even received an update for a while. So what is it then? (Danger: technical blabber ahead)

The nature of the software we use to modify our game is that it has to access data of another program. Not hard drive data, but data that is currently being worked on inside the system. This is the case for Anamnesis as much as for Dalamud and therefore all other plugins. As one can imagine, from a neutral standpoint accessing this data is a potentially big security risk. How would the anti-virus know we only use it in order to make your cute little character do silly little poses? Well, usually anti-virus doesn't flag our modding software, for one reason or another; why exactly is usually as far out of our jurisdiction as why it sometimes does, but it does happen that an update on their end slips through that causes it to be flagged all over again. This isn't the first time, and it won't be the last time. For now, keep telling it that it misidentified the threat and add an exception. Hopefully that will 'whitelist' us again!

As a reminder: the code is and always has been fully transparent. Not only is it open source, but you can also directly follow the build process in the GitHub Actions: https://github.com/imchillin/Anamnesis/actions From there it gets taken directly into the update cycle that you see the popup of. So if you do have any concerns, we invite you to check for yourself or have someone else check.

Anamnesis and Windows Defender Part 2

It's still a false flag. The false flags are happening because we used to use Discord to host the files for the gallery, but Discord pulled the plug on that. Windows Defender doesn't like that it can't find the PNGs, so it marks them as a trojan. Please disable the curated gallery until we can get a fix.
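A defender-side check that follows from the explanation above, added here as an example that is not part of the Anamnesis project or of any comment in this thread: classify each cached "image" by its leading bytes instead of its extension, so a file that is really a host's text placeholder rather than a PNG stands out. The placeholder wording, file names and sample bytes are constructed assumptions.

```python
"""Audit an image cache: are the files real PNG/JPEG images, or something else
(such as a hosting provider's text placeholder served in place of the picture)?
Constructed sample data; not Anamnesis project code."""
import tempfile
from pathlib import Path

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"
# Assumption: wording of the placeholder body a host returns; adjust to taste.
PLACEHOLDER_HINT = b"This content is no longer available"


def classify_image_bytes(data: bytes) -> str:
    """Classify a file by its magic bytes rather than trusting its extension."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if PLACEHOLDER_HINT in data:
        return "placeholder-text"
    return "unknown"


def audit_cache(cache_dir) -> dict:
    """Map each file name in the cache to its classification (reads only the head)."""
    result = {}
    for path in sorted(Path(cache_dir).rglob("*")):
        if path.is_file():
            result[path.name] = classify_image_bytes(path.read_bytes()[:4096])
    return result


def build_sample_cache(cache_dir) -> None:
    """Write constructed samples: a PNG header, a placeholder body, an HTML body."""
    cache = Path(cache_dir)
    (cache / "pose1.png").write_bytes(PNG_MAGIC + b"\x00" * 64)
    (cache / "pose2.png").write_bytes(PLACEHOLDER_HINT + b"\n")
    (cache / "pose3.png").write_bytes(b"<html>not an image</html>")


def demo() -> dict:
    """Build the sample cache in a temp dir and return the audit report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_cache(tmp)
        return audit_cache(tmp)


if __name__ == "__main__":
    for name, kind in demo().items():
        print(f"{name}: {kind}")
```

Any entry that is not "png" or "jpeg" is a file the gallery would try to show as an image but which has no image header, which is the kind of content to inspect before deciding whether a detection is a false positive.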

Kobi-Blade commented 6 months ago

It's not a false positive; however, Anamnesis is not malware, but it has severe vulnerabilities and outdated code.

StoiaCode commented 6 months ago

ok

Squall-Leonhart commented 2 months ago

It's indeed not a false positive; these images are infected and, in viewers that have the right vulnerability, can trigger RCE.

Anamnesis is not the flagged app, it's the contents of the cache. It has never been a bright idea to carousel other people's screenshots in this tool; this was always only a matter of time.

StoiaCode commented 2 months ago

Not only wrong, this issue has also been fixed months ago.

Squall-Leonhart commented 2 months ago

Nice joke, but a path 404'd does not trigger Defender to throw a detection.

StoiaCode commented 2 months ago

You have clearly no idea what the issue was. It was never a 404.

chirpxiv commented 2 months ago

> It's indeed not a false positive; these images are infected and, in viewers that have the right vulnerability, can trigger RCE.
>
> Anamnesis is not the flagged app, it's the contents of the cache. It has never been a bright idea to carousel other people's screenshots in this tool; this was always only a matter of time.

> Nice joke, but a path 404'd does not trigger Defender to throw a detection.

I recommend educating yourself on the relevant issue before commenting on it. https://www.tomshardware.com/software/antivirus/microsoft-defender-flags-text-file-containing-this-content-is-no-longer-available-as-a-severe-threat