Closed cdonnellytx closed 2 months ago
Unable to reproduce the issue.
10:28:01 D:\...\winget-pkgs [master ≡] 1ms pwsh> sudo { winget install -e vim.vim }
已找到 Vim [vim.vim] 版本 9.1.0514
此应用程序由其所有者授权给你。
Microsoft 对第三方程序包概不负责,也不向第三方程序包授予任何许可证。
正在下载 https://github.com/vim/vim-win32-installer/releases/download/v9.1.0514/gvim_9.1.0514_x64.exe
██████████████████████████████ 10.8 MB / 10.8 MB
已成功验证安装程序哈希
正在启动程序包安装...
已成功安装
10:28:30 D:\...\winget-pkgs [master ≡] 20.208s pwsh> winget --info
Windows 程序包管理器(预览) v1.8.924-preview
版权所有 (C) Microsoft Corporation。保留所有权利。
Windows: Windows.Desktop v10.0.22631.3737
系统体系结构: X64
软件包: Microsoft.DesktopAppInstaller v1.23.924.0
Winget 目录
-------------------------------------------------------------------------------------------------------------------
日志 %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\DiagOutputDir
用户设置 %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\settings.json
可移植链接目录(用户) %LOCALAPPDATA%\Microsoft\WinGet\Links
可移植链接目录(计算机) C:\Program Files\WinGet\Links
可移植包根目录(用户) D:\Applications\WinGet\Packages\Users\
可移植包根目录 D:\Applications\WinGet\Packages\Machine\
可移植包根目录 (x86) D:\Applications\WinGet\Packages\Machine\
安装程序下载 D:\Dragon1573\Downloads
链接
----------------------------------------------------------------------------
隐私声明 https://aka.ms/winget-privacy
许可协议 https://aka.ms/winget-license
第三方声明 https://aka.ms/winget-3rdPartyNotice
主页 https://aka.ms/winget
Windows 应用商店条款 https://www.microsoft.com/en-us/storedocs/terms-of-sale
管理员设置 状态
------------------------------------------------
LocalManifestFiles 已启用
BypassCertificatePinningForMicrosoftStore 已禁用
InstallerHashOverride 已禁用
LocalArchiveMalwareScanOverride 已禁用
ProxyCommandLineOptions 已禁用
DefaultProxy 已禁用
Is there some sort of automated scan / upload with Defender that y'all can do to ensure that you vet the installs you certify with the Defender team to catch and deal with false positives and/or threats?
All applications go through multiple scans when a manifest is submitted. You can read more about how WinGet ensures the security of packages in the FAQ - How do I know packages in the community repository are safe?.
Regarding false positives - they do occur, but there really isn’t anything WinGet can do about it. Fundamentally, all WinGet does is download the software from the publisher's website, and run it with the correct switches to install unattended just like if a user had run it from the command line themselves. Any false positives need to be handled between the publisher of the software and anti-malware providers themselves. There isn’t really anything that WinGet can do to help avoid a false positive.
OK, it sounds like you're already doing all you can do already. Thanks!
Please confirm these before moving forward
Category of the issue
Installation issue.
Brief description of your issue
vim.vim 9.1.0512: installed file
vim/vim91/install.exe
is being flagged as having theTrojan:Win32/Bearfoos.A!ml
this time by Microsoft Defender.I have submitted the installer executable to Microsoft Security file submission to report it is not malware -- or at least, it probably isn't.
The reason I'm opening this here is that this is apparently a routine occurrence for them:
Is there some sort of automated scan / upload with Defender that y'all can do to ensure that you vet the installs you certify with the Defender team to catch and deal with false positives and/or threats?
Steps to reproduce
Actual behavior
Microsoft Defender alerts me to a virus as the install runs, then and subsequently quarantines and removes
C:\Program Files\vim\vim91\install.exe
.Expected behavior
Microsoft Defender knows this doesn't have a virus and thus does not alert/quarantine/remove.
Environment
Screenshots and Logs
A screenshot in case the Defender team fixes this for now by the time you read this: