momentohq / momento-cli

Official CLI for Momento Serverless Cache
Apache License 2.0

Windows CLI getting mistakenly flagged by Windows Defender Virus Scan #164

Closed danielamiao closed 1 year ago

danielamiao commented 2 years ago

Instructions: https://github.com/momentohq/momento-cli#windows

A customer reported that Windows classifies the CLI as a trojan. This is reproducible in any Windows environment.

Release v0.20.0 is OK.

Chrome warns that in v0.20.1 and v0.21.0: "This file is not commonly downloaded and may be dangerous." I can choose to keep the file and then Windows gives the OK on the binary.

v0.21.1 is classified as a trojan. Windows Security gives the following details:

Trojan:Win32/Wacatac.H!ml
momento.exe
webfile: C:\Users\micha\Downloads\momento-cli-0.21.1.windows_x86_64.zip|https://objects.githubusercontent.com/github-production-release-asset-2e65be/424283782/6f3179bc-f50e-43

Since the code changes from v0.21.0 to v0.21.1 are innocuous-looking (changes only to the README), maybe something changed in the Rust toolchain. That would change our build environment and the binary.

pgautier404 commented 2 years ago

Here's a brain dump from my investigation of the issue(s): https://docs.google.com/document/d/1NhfgCOBlN710lEkEW3ROAREnd_vk5USW8k4Ze4bWIcM/edit?usp=sharing

pgautier404 commented 1 year ago

The trojan classification is a false positive, and older versions are falsely flagged as well. The "!ml" class of trojans are surfaced via machine learning and are responsible for a ton of false positives. These are particularly prevalent for new software from small publishers like us.

Using VirusTotal (https://www.virustotal.com/gui/home/upload) to scan our CLI shows that all antivirus solutions supported by the site (over 60 different scanners) report that it is clean.
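
The triage described in this thread, as an added example that is not part of the thread or the momento-cli project: it splits the Defender threat name into its parts and cross-checks it against a multi-engine report. The report dictionary is a constructed sample shaped like a VirusTotal API v3 file report, and the engine names other than Microsoft and the verdict labels are assumptions made for illustration.

```python
import re

# Defender threat names follow Type:Platform/Family.Variant!Suffix
THREAT_NAME = re.compile(
    r"^(?P<type>[^:/]+):(?P<platform>[^/]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<variant>[^!]+))?(?:!(?P<suffix>\S+))?$"
)
# Result categories that count as a detection in a multi-engine report.
FLAGGED = {"malicious", "suspicious"}


def parse_threat_name(name):
    """Split a Defender threat name into its named parts."""
    match = THREAT_NAME.match(name.strip())
    if match is None:
        raise ValueError(f"unrecognised threat name: {name!r}")
    return match.groupdict()


def triage(threat_name, report):
    """Cross-check a Defender detection against per-engine scan results."""
    parts = parse_threat_name(threat_name)
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = sorted(e for e, r in results.items() if r["category"] in FLAGGED)
    ml_detection = parts["suffix"] == "ml"  # the "!ml" class from the thread
    # Verdict labels are hypothetical; only an ML-surfaced name that no
    # engine in the report confirms is treated as a probable false positive.
    if ml_detection and not flagged:
        verdict = "probable-false-positive"
    else:
        verdict = "needs-analysis"
    return {
        "family": parts["family"],
        "ml_detection": ml_detection,
        "flagged_engines": flagged,
        "engines_total": len(results),
        "verdict": verdict,
    }


# Constructed sample report with three engines, none of which flags the file.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "Microsoft": {"category": "undetected", "result": None},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "harmless", "result": None},
}}}}

if __name__ == "__main__":
    print(triage("Trojan:Win32/Wacatac.H!ml", SAMPLE_REPORT))
```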