mskyaxl / wsl-terminal

Terminal emulator for Windows Subsystem for Linux (WSL)
MIT License

BitDefender Antivirus Free Edition blocking and deleting wsl-terminal 0.9.0 exe files #180

Closed gwarf closed 4 years ago

gwarf commented 4 years ago

Hi, I'm using BitDefender Antivirus Free Edition on a Windows 10 box, and it prevented me from downloading the 7z archive for the wsl-terminal 0.9.0 release. I was able to download the zip file, but then BitDefender blocked it, saying vim.exe, run-wsl.file.exe, open-wsl.exe contain Trojan.GenericKD.33433992. It's probably (I hope :) ) a false positive and I will try to report it to BitDefender.

gwarf commented 4 years ago

I've submitted the zip to https://www.bitdefender.com/submit

I also uploaded the file to VirusTotal: https://www.virustotal.com/gui/file/3f321c489edf42116484acd748c88aee0308c97ccfa4b988b7beda5c97316975/detection

mskyaxl commented 4 years ago

That is rather odd. I have a paid subscription for BitDefender and I never had issues. On the other hand, the version I use is built from the source and not the release. I will try that exact binary and report back :)

mskyaxl commented 4 years ago

1584889113_1_01.txt 1584889145_1_01.txt 1584889253_1_01.txt 1584889261_1_01.txt

I have attached the BitDefender logs for all the binaries I downloaded from the download section:

https://github.com/mskyaxl/wsl-terminal/releases/download/v0.9.0/wsl-terminal-0.9.0.7z
https://github.com/mskyaxl/wsl-terminal/releases/download/v0.9.0/wsl-terminal-0.9.0.zip
https://github.com/mskyaxl/wsl-terminal/releases/download/v0.9.0/wsl-terminal-tabbed-0.9.0.7z
https://github.com/mskyaxl/wsl-terminal/releases/download/v0.9.0/wsl-terminal-tabbed-0.9.0.zip

And all of them are clean. Are you sure everything is ok with your machine?

mskyaxl commented 4 years ago

Further updates:

Moreover, scanning all the links with virustotal.com shows once again that the source is clean:

https://www.virustotal.com/gui/url/9d80932b89ccccecdebee36d292babfbcf2ca39c277280bfe00e8132d7e403bc/detection
https://www.virustotal.com/gui/url/398b76c9bb66e26c9dcff215650eea861aec493aed3116dc060710aa2537b70f/detection
https://www.virustotal.com/gui/url/99571425321ddd7fb4e474b97b52b086ed4a2232907a9e307629f11eef03de9a/detection
https://www.virustotal.com/gui/url/5b041393fd5374f72dcdc3bbccf4437595dc1b506c81f566780b4cf8bf9c8916/detection

gwarf commented 4 years ago

> Are you sure everything is ok with your machine?

Sorry for the delay, but yes, my system is fine, and as you can see on https://www.virustotal.com/gui/file/3f321c489edf42116484acd748c88aee0308c97ccfa4b988b7beda5c97316975/detection the sha256 of the file is the same as on https://github.com/mskyaxl/wsl-terminal/releases/tag/v0.9.0: 3f321c489edf42116484acd748c88aee0308c97ccfa4b988b7beda5c97316975 (it's even the identifier in the VirusTotal URL). So let's assume it was a temporary (?) false positive.
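
The hash comparison described in the last comment, as an added example that is not part of the original thread or the project's code: it checks that a downloaded file, the SHA-256 published with a release, and the identifier in a VirusTotal file link all refer to the same bytes. The function names and the sample file are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# File-report links look like /gui/file/<sha256>/...; /gui/url/<id>/ links carry
# a URL identifier rather than a file hash, so they are deliberately not matched.
_VT_FILE_RE = re.compile(r"virustotal\.com/gui/file/([0-9a-fA-F]{64})(?:/|$)")


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large archives are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def vt_file_hash(url):
    """Return the lowercase SHA-256 embedded in a VirusTotal file link, else None."""
    match = _VT_FILE_RE.search(url)
    return match.group(1).lower() if match else None


def check_download(path, published_sha256, vt_url):
    """Compare local file, published hash and VirusTotal link; report each pairing."""
    local = sha256_file(path)
    published = published_sha256.strip().lower()
    vt_hash = vt_file_hash(vt_url)
    return {
        "local_sha256": local,
        "matches_release": hmac.compare_digest(local, published),
        "matches_vt_report": vt_hash is not None and hmac.compare_digest(local, vt_hash),
    }


if __name__ == "__main__":
    # Constructed sample: a throwaway file stands in for the downloaded archive.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample-download.zip"
        sample.write_bytes(b"constructed sample bytes, not the real release")
        expected = hashlib.sha256(sample.read_bytes()).hexdigest()
        link = f"https://www.virustotal.com/gui/file/{expected}/detection"
        print(check_download(sample, expected, link))
```

A match on both checks shows that the antivirus verdict, the VirusTotal report and the release page all concern the same file; it says nothing by itself about whether that file is benign.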