marticliment / UniGetUI

UniGetUI: The Graphical Interface for your package managers. Could be terribly described as a package manager manager to manage your package managers
https://www.marticliment.com/unigetui/
MIT License

[SECURITY] Unsigned files may cause false-positive alerts in Microsoft Defender #2533

Open cwings-dvb opened 1 month ago

cwings-dvb commented 1 month ago

UniGetUI Version

3.1.0

Windows version, edition, and architecture

Windows 10 Enterprise 22H2 1000.19060.1000.0 x64

Describe your issue

Microsoft Defender was reporting alerts related to "Suspicious ActiveConnToAttackerServer behavior". The root cause seems to be related to Chocolatey, which might have tried to install something but was flagged as suspicious. See the screenshot.

Anomaly detection is partly influenced by the use of unsigned files (which increase the risk value of the file) and we noticed that while the executable (WingetUI.exe) is signed, several .dll files and the UniGetUI.Installer.tmp file from the screenshot were not.

Would it be possible for the developers to sign those files? That might prevent future alerts related to anomaly detection.

Steps to reproduce the issue

See the screenshots for examples

UniGetUI Log

N/A

Package Managers Logs

N/A

Relevant information

No response

Screenshots and videos

(Three screenshots attached: 2024-07-22 151549, 2024-07-22 151015, 2024-07-22 150918)
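A way to verify the reporter's observation on your own machine: enumerate the executables and DLLs under the install directory and report each file's Authenticode status. This is an added example, not code from the issue or from the UniGetUI project; the install directory path is an assumption and should be adjusted.

```powershell
# Added example (not from the issue or the UniGetUI project): list every .exe/.dll
# under an install directory with its Authenticode status so unsigned files stand out.
param(
    # Assumed location; change it to wherever UniGetUI is installed on your system.
    [string]$InstallDir = "$env:LOCALAPPDATA\Programs\UniGetUI"
)

$files = Get-ChildItem -Path $InstallDir -Recurse -File -Include *.exe, *.dll
if (-not $files) {
    Write-Warning "No .exe or .dll files found under $InstallDir"
    return
}

$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        # Path relative to the install directory keeps the table readable.
        File   = $f.FullName.Substring($InstallDir.Length).TrimStart('\')
        # Status is Valid, NotSigned, HashMismatch, UnknownError, NotTrusted, ...
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# Summary: how many files fall into each signature status.
$report | Group-Object Status | Sort-Object Count -Descending |
    Select-Object @{ n = 'Status'; e = { $_.Name } }, Count | Format-Table -AutoSize

# Detail: every file that is not validly signed, which is what raises the risk score.
$report | Where-Object Status -ne 'Valid' |
    Sort-Object Status, File | Format-Table File, Status -AutoSize
```

Run it from a regular PowerShell prompt; a `HashMismatch` entry means a signed file was modified after signing and deserves closer attention than a plain `NotSigned` one.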

marticliment commented 1 month ago

I will investigate. The installer temp will not be signed (it is a temp file generated at runtime), but I will see if I can sign the DLLs.