martindstone / pagerduty-cli

A command line interface for PagerDuty
MIT License

MS Defender exclusion #44

Open galitz opened 1 year ago

galitz commented 1 year ago

Hi. A recent install of the Win x64 version of this app triggered an EDR alert:

"C:\WINDOWS\system32\cmd.exe" /C powershell -ExecutionPolicy Bypass -Command "& {Add-MpPreference -ExclusionPath "C:\Users\USER\AppData\Local\pagerduty-cli"}" -FFFeatureOff

It appears to be trying to exclude itself from MS Defender. Why is that?

martindstone commented 1 year ago

Hi @galitz, I am not sure offhand; the .exe installer is generated by the oclif framework and I haven't looked into the specifics of how it makes the MSI. If in doubt, you could use npm install -g pagerduty-cli instead -- would that be ok?

martindstone commented 1 year ago

Hi again @galitz - I found the relevant line in the oclif framework's installer generator here. We would have to open an issue against this repo (and ideally submit a PR) in order to get this addressed.

Since I am not a Microsoft Windows expert, can you help me understand the impact of this? Does it prevent you from using the installer to install the CLI if you don't want to accept this exclusion?
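For triaging alerts like the one quoted in the first comment, the following is an added example (not code from this thread, pagerduty-cli or oclif) that extracts Defender exclusion arguments from a process command line and marks paths in locations a standard user can usually write to, since files placed in an excluded directory are not scanned. The function name, the user-writable heuristic and the second sample line are assumptions made for illustration.

```python
import re

# Cmdlets that can create Microsoft Defender exclusions.
_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# -ExclusionPath/-ExclusionProcess/-ExclusionExtension followed by a
# double-quoted, single-quoted or bare value.
_PARAM = re.compile(
    r"-Exclusion(Path|Process|Extension)\s+"
    r"""(?:"([^"]+)"|'([^']+)'|([^\s"'};]+))""",
    re.IGNORECASE,
)
# Heuristic (assumption): locations a standard user can normally write to.
_USER_WRITABLE = re.compile(
    r"\\(?:Users|ProgramData)\\|\\Temp(?:\\|$)"
    r"|%(?:APPDATA|LOCALAPPDATA|TEMP|USERPROFILE)%",
    re.IGNORECASE,
)
_BYPASS = re.compile(r"-ExecutionPolicy\s+Bypass", re.IGNORECASE)


def find_defender_exclusions(cmdline):
    """Return one finding per exclusion argument in a process command line."""
    if not _CMDLET.search(cmdline):
        return []
    findings = []
    for m in _PARAM.finditer(cmdline):
        kind = m.group(1).capitalize()
        value = m.group(2) or m.group(3) or m.group(4)
        findings.append({
            "kind": kind,
            "value": value,
            "user_writable": kind == "Path" and bool(_USER_WRITABLE.search(value)),
            "policy_bypass": bool(_BYPASS.search(cmdline)),
        })
    return findings


# Command line exactly as quoted in the issue.
ISSUE_CMDLINE = r'"C:\WINDOWS\system32\cmd.exe" /C powershell -ExecutionPolicy Bypass -Command "& {Add-MpPreference -ExclusionPath "C:\Users\USER\AppData\Local\pagerduty-cli"}" -FFFeatureOff'
# Constructed sample: an exclusion under Program Files, not user-writable.
CONSTRUCTED_CMDLINE = r"powershell -Command Add-MpPreference -ExclusionPath 'C:\Program Files\ExampleVendor'"

if __name__ == "__main__":
    for line in (ISSUE_CMDLINE, CONSTRUCTED_CMDLINE):
        print(find_defender_exclusions(line))
```

The matcher only covers the full parameter names and a single value per parameter; abbreviated parameters, comma-separated lists and encoded commands need additional handling.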