microsoft / go

The Microsoft build of the Go toolset
BSD 3-Clause "New" or "Revised" License

Microsoft Defender false positives of Go binaries on Windows #1255

Open 42wim opened 3 months ago

42wim commented 3 months ago

Go binaries are more and more detected as false positive trojans by the (machine learning AI) of Microsoft Defender.

This makes it very difficult for developers to support and release binaries for Windows. (Compiling the same code as a Linux binary, btw, doesn't get detected by Defender.)

See also

This probably isn't something that can be solved here, but I didn't really find a better way to contact anyone about this.

dagood commented 3 months ago

Yeah, on the Microsoft Go team we're aware of Windows Security/Defender issues with Go apps. You're right that we can't exactly go fix something and solve all Go false positives. 😄 I do have a few links about this to share, though:

There is some information here about some steps you can take as a developer: Partnering with the industry to minimize false positives. The headliner is signing. Signing is already mentioned in the Reddit post you linked, but this article explains a bit more about why that helps. The other tips are also interesting, but whether or not they're helpful probably depends on the app.

Ultimately, you can also report individual false positives to https://www.microsoft.com/en-us/wdsi/filesubmission.

42wim commented 3 months ago

Thanks for the feedback. I'm already signing the executables with Sectigo, and unfortunately my experience with signing is that it doesn't really make much of a difference. It seems random.