jashkenas / underscore

JavaScript's utility _ belt
https://underscorejs.org
MIT License
27.29k stars 5.53k forks

Windows Defender automatically deletes "v1.13.6 UMD (Development)" #2979

Closed gavJackson closed 1 year ago

gavJackson commented 1 year ago

I downloaded v1.13.6 UMD (Development) (from https://underscorejs.org/underscore-umd.js) and added it to my project, and Windows Defender automatically deletes it! Turns out it thinks it's malware!

The workaround is to use the minified version, so it's not too bad, but I figured you'd want to know. Not sure if there is anything you can do, though.

I have no idea what a "GootLoader" is, but googling it came up with this: https://redcanary.com/blog/gootloader/

jgonggrijp commented 1 year ago

Thanks for reporting. Have you reported the issue to Windows Defender as well?

If I understand the article correctly, Gootloader is malware that, at some point, has included Underscore source code in order to masquerade as legitimate JS code. Apparently, Windows Defender now considers Underscore source code as a fingerprint for Gootloader. I am afraid there is nothing we can do about this as Underscore maintainers; Windows Defender needs to pick smarter fingerprints.

gavJackson commented 1 year ago

Wow, that sucks. So this malware thing has sucked in your code to look legit, and now Windows Defender thinks your code is dodgy.

I'll see if I can report it to Windows Defender, as other libraries could get sucked in too, and then Windows Defender will automatically delete those JS files too (which is super confusing, btw!)

jgonggrijp commented 1 year ago

Thanks!