jstarks / npiperelay

npiperelay allows you to access Windows named pipes from WSL
MIT License

Windows Defender marks exe file as virus #17

Open pszypowicz opened 3 years ago

pszypowicz commented 3 years ago

Also the VirusTotal output: https://www.virustotal.com/gui/file/ff41951c3f519138bb0e61038d7155c6c38194d4d8a3304f46c67c4572ee8bec/detection

stuartleeks commented 3 years ago

I submitted this to the Defender team as a false positive and it has been removed:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

 1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
 2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
 3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

pszypowicz commented 3 years ago

And it worked. Defender no longer removes it. Thanks!

stuartleeks commented 3 years ago

Glad it worked - thanks for confirming 😃

anaisbetts commented 3 years ago

This is back, see https://www.virustotal.com/gui/file/4e3c8793543b96738e041946ee73118669aaaba20d2fd8310ebf5ffbb6d15928/detection - Windows 11 is now removing this file :-/

anaisbetts commented 3 years ago

Yeah......I kinda get why Windows Defender keeps flagging this file, Go loads all APIs dynamically via LoadLibrary / GetProcAddress, from a debugger perspective it looks suuuuuuper shady