Open pszypowicz opened 3 years ago
I submitted this to the Defender team as a false positive and it has been removed:
We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
3. Run "MpCmdRun.exe -SignatureUpdate"
Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions
And it worked. Defender no longer removes it. Thanks!
Glad it worked - thanks for confirming 😃
This is back, see https://www.virustotal.com/gui/file/4e3c8793543b96738e041946ee73118669aaaba20d2fd8310ebf5ffbb6d15928/detection - Windows 11 is now removing this file :-/
Yeah......I kinda get why Windows Defender keeps flagging this file, Go loads all APIs dynamically via LoadLibrary / GetProcAddress, from a debugger perspective it looks suuuuuuper shady
Also the virustotal output: https://www.virustotal.com/gui/file/ff41951c3f519138bb0e61038d7155c6c38194d4d8a3304f46c67c4572ee8bec/detection