ipinfo / cli

Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)
https://ipinfo.io/
Apache License 2.0
1.76k stars 153 forks

Windows Defender flagging as Name: Trojan:Win32/Bearfoos.A!ml #213

Open teejboc opened 8 months ago

teejboc commented 8 months ago

Windows Defender started flagging this version as a Trojan. I submitted it to them to inspect and investigate. Not sure if this is the place to post this, but wanted developers to be aware.

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bearfoos.A!ml&threatid=2147731250&enterprise=1
Name: Trojan:Win32/Bearfoos.A!ml
ID: 2147731250
Severity: Severe
Category: Trojan
Path: file:_C:\Users\xxxxxx\AppData\Local\ipinfo\ipinfo.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
User: AzureAD\xxxxxx
Process Name: C:\Program Files\PowerShell\7\pwsh.exe
Security intelligence Version: AV: 1.407.105.0, AS: 1.407.105.0, NIS: 1.407.105.0
Engine Version: AM: 1.1.24020.9, NIS: 1.1.24020.9

abdullahdevrel commented 2 months ago

Any update on this? What did Microsoft report back?

teejboc commented 2 months ago

I never heard back. I had to install a different version for Defender to allow it.

Thanks,
Tj Warren
IT Director and Information Security Officer
BOC Bank


From: Abdullah @.>
Sent: Friday, September 6, 2024 8:34 AM
To: ipinfo/cli @.>
Cc: Tj Warren @.>; Author @.>
Subject: Re: [ipinfo/cli] Windows Defender flagging as Name: Trojan:Win32/Bearfoos.A!ml (Issue #213)


Any update on this? What did Microsoft report back?


abdullahdevrel commented 2 months ago

I am not sure if I will have any luck reaching out to them as well.

In terms of security issues, the code is purely open source, with no third-party calls except to IPinfo's API and downloading the Go packages. Feel free to explore it. Let me know if you have any future issues with using our services. Happy to help.

Best Regards,

Abdullah
Developer Relations (DevRel)
IPinfo.io - Internet Data Provider