microsoft / winget-cli

WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).
https://learn.microsoft.com/windows/package-manager/
MIT License

DisplayLink.Graphics update sets off Antivirus #4476

Open poa00 opened 1 month ago

poa00 commented 1 month ago

Brief description of your issue

When I used winget to upgrade the DisplayLink Graphics on my enterprise machine, antivirus flags it with "Vulnerability detected." Unfortunately, in my scramble to delete the downloaded files, I did not screenshot the warning.

Steps to reproduce

Run winget upgrade -Name <name of DisplayLink Graphics update>

Expected behavior

Update proceeds normally.

Actual behavior

Update blocked by Enterprise Security.

Environment

Windows Package Manager v1.7.11261
Copyright (c) Microsoft Corporation. All rights reserved.

Windows: Windows.Desktop v10.0.22621.3447
System Architecture: X64
Package: Microsoft.DesktopAppInstaller v1.22.11261.0

Winget Directories
-----------------------------------------------------------------------------------------------------------------------
Logs                               %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\Diag…
User Settings                      %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\sett…
Portable Links Directory (User)    %LOCALAPPDATA%\Microsoft\WinGet\Links
Portable Links Directory (Machine) C:\Program Files\WinGet\Links
Portable Package Root (User)       %LOCALAPPDATA%\Microsoft\WinGet\Packages
Portable Package Root              C:\Program Files\WinGet\Packages
Portable Package Root (x86)        C:\Program Files (x86)\WinGet\Packages
Installer Downloads                %USERPROFILE%\Downloads

Links
---------------------------------------------------------------------------
Privacy Statement   https://aka.ms/winget-privacy
License Agreement   https://aka.ms/winget-license
Third Party Notices https://aka.ms/winget-3rdPartyNotice
Homepage            https://aka.ms/winget
Windows Store Terms https://www.microsoft.com/en-us/storedocs/terms-of-sale

Admin Setting                             State
--------------------------------------------------
LocalManifestFiles                        Disabled
BypassCertificatePinningForMicrosoftStore Disabled
InstallerHashOverride                     Disabled
LocalArchiveMalwareScanOverride           Disabled

Trenly commented 1 month ago

Can you please share the list of security software on your device? I've tried running this on my VM with several different antivirus products and none of them have triggered. I also checked the file and the download URL with VirusTotal and both showed 0 flags.

Based on the message "Blocked by Enterprise Security", it seems likely that your enterprise security rules might not be updated, might have an explicit block, or are just extremely strict, as I'm not able to replicate this issue at all.

poa00 commented 1 month ago

Yes, I work for a global tech consulting firm that boasts having the world's best security services, so I would not be surprised if they are understandably protecting their good name from the likes of me and my casual browsing 😆 To answer your question though (which maybe I just did), all of the security software (aside from Defender) is developed in-house specifically for internal workstations and is not publicly available / known.

Edit: (If it helps) the file that was flagged was one created in the %LocalAppData% directory in a subfolder named DL2.tmp. Unfortunately I did not catch the filename, but it was identified as a 7Z SFX Console file, presumably a self-extracting archive.
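Two things in this thread lend themselves to a quick offline check before escalating an AV hit like this: Trenly's point that the file and URL came back clean on VirusTotal, and the reporter's note that the flagged file in DL2.tmp was labelled a 7Z SFX. The script below is an added example for this thread, not winget's code and not something either participant posted. It compares the downloaded file's SHA-256 with the InstallerSha256 value from the package manifest (winget itself refuses a mismatch unless the InstallerHashOverride admin setting shown above is enabled) and reports whether the file is a PE executable with an embedded 7-Zip archive, i.e. a 7z self-extractor. The expected hash is a placeholder to be taken from the manifest; the sample bytes are constructed and stand in for the file the reporter deleted.

```python
"""Triage a winget-downloaded installer that antivirus flagged.

Added example for the issue thread above (not part of winget). It answers two
questions a defender wants before escalating: is this byte-for-byte the
installer the manifest declares, and does it look like a 7z SFX, which is what
the reporter's AV called the file in DL2.tmp?
"""
import hashlib
from pathlib import Path

# 7-Zip archive signature: '7z' BC AF 27 1C. A 7z SFX is a PE stub (starts with
# "MZ") with the archive appended after the stub, so the signature appears
# somewhere past the PE header.
SEVEN_ZIP_MAGIC = b"\x37\x7a\xbc\xaf\x27\x1c"
PE_MAGIC = b"MZ"


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of the file contents, the same digest winget compares."""
    return hashlib.sha256(data).hexdigest()


def matches_manifest(data: bytes, installer_sha256: str) -> bool:
    """True when the digest equals the manifest's InstallerSha256 (case-insensitive)."""
    return sha256_of(data).lower() == installer_sha256.strip().lower()


def looks_like_7z_sfx(data: bytes) -> bool:
    """PE header followed by an embedded 7z archive signature."""
    return data[:2] == PE_MAGIC and data.find(SEVEN_ZIP_MAGIC, 2) != -1


def triage(data: bytes, installer_sha256: str) -> dict:
    """Collect the facts needed to decide whether the AV hit is on the genuine installer."""
    return {
        "sha256": sha256_of(data),
        "matches_manifest": matches_manifest(data, installer_sha256),
        "is_7z_sfx": looks_like_7z_sfx(data),
    }


def triage_file(path: str, installer_sha256: str) -> dict:
    """Same as triage() but reads the file from disk (e.g. the DL2.tmp contents)."""
    return triage(Path(path).read_bytes(), installer_sha256)


def verdict(result: dict) -> str:
    """Turn the triage facts into the next action for the responder."""
    if not result["matches_manifest"]:
        return "hash mismatch: not the published installer, treat as tampered and keep the file for IR"
    if result["is_7z_sfx"]:
        return "genuine installer, 7z self-extractor: AV heuristic on the SFX stub is the likely cause"
    return "genuine installer: raise the detection with the AV vendor"


if __name__ == "__main__":
    # Constructed sample standing in for the flagged file: a minimal PE-looking
    # stub with a 7z signature appended. Not a real installer.
    sample = PE_MAGIC + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 32 + SEVEN_ZIP_MAGIC + b"\x00" * 16
    # PLACEHOLDER: in practice copy the InstallerSha256 field from the manifest.
    expected_from_manifest = sha256_of(sample)
    result = triage(sample, expected_from_manifest)
    print(result)
    print(verdict(result))
```

On a real incident, run `triage_file(r"%LocalAppData%\...\DL2.tmp\<installer>", "<InstallerSha256 from manifest>")` with the path expanded; a mismatch is the interesting outcome, since a matching hash on a 7z SFX means the scanner fired on the same bytes every other winget user receives.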