Closed xiaoguazh closed 6 months ago
That's going to be a false positive.
Thanks so much mhammond for the comments.
I also suspect that Trellix is very likely wrongly reporting this alert. Or is something like the Jupyter plugin in VSCode tampered with, and it downloads a tampered win32crypt.pyd from somewhere?
Issues like this are gonna be antivirus false-positive and/or due to download from a different source than pywin32's official distributions. (same as #2135)
Using VSCode 1.80.0 + Python 3.11.4 on Win10, I tried to run the simplest Python code with "Run in Interactive Window" and got a threat message from Trellix: win32crypt.pyd => Trojan: Artemis!5390ADE0ED54 (see the screenshot). It seems VSCode will install the Jupyter plugin, and this plugin requests pywin32.
win32crypt.pyd without Trojan.
Trellix Agent: 5.7.9.139
Trellix Endpoint Security: 10.7
VScode 1.80.0
pywin32 306
Run any python code with "Run in Interactive Window"
Python 3.11.4
Name: pywin32
Version: 306
Summary: Python for Window Extensions
Home-page: https://github.com/mhammond/pywin32
Author: Mark Hammond (et al)
Author-email: mhammond@skippinet.com.au
License: PSF
Location: C:\Users\garyzhao\AppData\Roaming\Python\Python311\site-packages
Requires:
Required-by: jupyter_core, plumbum
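One way to check whether an installed win32crypt.pyd was altered after installation is to re-hash the files against the RECORD file pip leaves in the package's dist-info directory. This is an added example, not part of the thread or of pywin32; the file layout and bytes in `demo()` are constructed, and because RECORD is a local file it only detects changes made after install, not a wheel obtained from a different source.

```python
import base64, csv, hashlib, tempfile
from pathlib import Path

def record_digest(data: bytes, algo: str = "sha256") -> str:
    """Encode a digest the way wheel RECORD files do: urlsafe base64, no '=' padding."""
    raw = hashlib.new(algo, data).digest()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def check_record(site_packages: Path, record: Path) -> dict:
    """Return {relative_path: status} for every row of a dist-info RECORD file."""
    results = {}
    with record.open(newline="", encoding="utf-8") as fh:
        for row in csv.reader(fh):
            if not row:
                continue
            rel = row[0]
            hash_field = row[1] if len(row) > 1 else ""
            target = site_packages / rel
            if not hash_field:
                results[rel] = "unhashed"      # RECORD itself carries no hash
            elif not target.is_file():
                results[rel] = "missing"
            else:
                algo, _, expected = hash_field.partition("=")
                actual = record_digest(target.read_bytes(), algo)
                results[rel] = "ok" if actual == expected else "MISMATCH"
    return results

def demo() -> dict:
    """Constructed sample: a fake site-packages where one file changes after install."""
    root = Path(tempfile.mkdtemp())
    (root / "win32").mkdir()
    info = root / "pywin32-306.dist-info"
    info.mkdir()
    files = {"win32/win32crypt.pyd": b"constructed bytes A",
             "win32/win32api.pyd": b"constructed bytes B"}
    rows = []
    for rel, data in files.items():
        (root / rel).write_bytes(data)
        rows.append([rel, "sha256=" + record_digest(data), str(len(data))])
    rows.append(["pywin32-306.dist-info/RECORD", "", ""])
    with (info / "RECORD").open("w", newline="", encoding="utf-8") as fh:
        csv.writer(fh).writerows(rows)
    (root / "win32/win32api.pyd").write_bytes(b"changed after install")
    return check_record(root, info / "RECORD")

if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:9} {path}")
```

To run it against a real install, pass the `Location` directory reported by `pip show pywin32` and the RECORD file inside its pywin32 dist-info directory to `check_record`.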