nwjs / nw.js

Call all Node.js modules directly from DOM/WebWorker and enable a new way of writing applications with all Web technologies.
https://nwjs.io
MIT License

Doplik trojan detected in v0.77 for Windows #8090

Open dpage opened 1 year ago

dpage commented 1 year ago

This is most likely a false positive, however Windows Defender (on some pgAdmin user's systems) and the Rising AV engine have started reporting that nw.exe from 0.77 for Windows contains the Doplik trojan. See https://www.virustotal.com/gui/file/cc93341040bf223c9e7bd37c7e6e7c0f5540d07d2f21c1e4c877090352f23abf

Can someone please confirm it's actually clean, and log with the appropriate vendors as a false positive as appropriate?

Thanks!

MistakingManx commented 1 year ago

Same issue here, except on an older version of NW.JS. I reported the false positive to Microsoft already; it affected my release version.

prominentdetail commented 1 year ago

Users of my app have just started reporting this issue today as well, but for an older version of nw.js (0.71.0). I was going to update my nw.js to hopefully mitigate it, but it looks like it affects all versions. I also reported the false positive to Microsoft. Not sure what else I can do. Hope something is done about it.

4demon commented 1 year ago

I'm getting this issue, too. What's going on? Why would it suddenly start affecting old versions as well? It's only Windows Defender that is blocking it. If I check it using Avast or AVG it's fine.

prominentdetail commented 1 year ago

I think if more of us report it to microsoft, maybe there will be a greater chance of getting it fixed. You can report it here: https://www.microsoft.com/en-us/wdsi/filesubmission

bluthen commented 1 year ago

I've had this issue for years. Scanners gonna do what they want. Ended up just putting in instructions to add exceptions before install. It is annoying, but I don't know what you can do when malware creators are free to use nw.js as well. This also happens to Electron, but they might have more people filing submissions, and VS Code uses it.

This also happens to PyInstaller-made executables. Also, Microsoft Defender runs on other operating systems, and NWJS gets quarantined on Mac, for example.

Sometimes you can get flagged less often if you sign all your executables. https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool

Once signed, from my understanding your certificate gets something like a reputation score depending on how many other systems it is installed on.

If anyone has any better solution that would be great, I've not thought of any. Maybe if you make your own custom build some more checksums might not get caught? But that is a lot of effort for maybe no return.
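Before deciding whether a detection like this is a false positive, it helps to confirm two things about the file on disk: that it is byte-for-byte the artifact the scanners flagged (the SHA-256 in the VirusTotal link at the top of this thread), and what its Authenticode status is, since an unsigned binary is exactly the case where reputation-based engines are most aggressive. The following PowerShell script is an added example, not code from the nw.js project or from anyone in this thread; the file path, the certificate file name, the password and the timestamp server URL are placeholders or assumptions, and the expected hash is the one from the VirusTotal URL above.

```powershell
# Added example (not nw.js project code): check a downloaded nw.exe before
# deciding how to handle an AV detection. The path is an assumption; the
# expected hash is the SHA-256 from the VirusTotal link in this thread.
param(
    [string]$Path = ".\nwjs-v0.77.0-win-x64\nw.exe",
    [string]$ExpectedSha256 = "cc93341040bf223c9e7bd37c7e6e7c0f5540d07d2f21c1e4c877090352f23abf"
)

function Test-NwBinary {
    param([string]$Path, [string]$ExpectedSha256)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # 1. Is this the same artifact the scanners flagged, or a different file
    #    that ended up under the same name? A mismatch means the detection
    #    cannot be dismissed on the strength of this thread.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    $hashMatches = ($actual -eq $ExpectedSha256.ToLowerInvariant())

    # 2. Authenticode status. 'Valid' means a chain to a trusted root;
    #    'NotSigned' is what an unsigned nw.exe reports, and is part of why
    #    reputation-based engines flag it.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    $timestamper = $null
    if ($sig.TimeStamperCertificate) { $timestamper = $sig.TimeStamperCertificate.Subject }

    [pscustomobject]@{
        Path            = $Path
        Sha256          = $actual
        HashMatches     = $hashMatches
        SignatureStatus = $sig.Status
        Signer          = $signer
        TimeStamper     = $timestamper
    }
}

$result = Test-NwBinary -Path $Path -ExpectedSha256 $ExpectedSha256
$result | Format-List

if (-not $result.HashMatches) {
    Write-Warning "Hash differs from the published artifact; do not treat the detection as a false positive on the basis of this thread."
}

# Signing your own build, as suggested above (run from a Visual Studio
# developer prompt; the .pfx name, password and timestamp URL are placeholders):
#   signtool sign /fd SHA256 /f .\codesign.pfx /p <password> /tr <timestamp-server-url> /td SHA256 .\nw.exe
#   signtool verify /pa /v .\nw.exe
# Re-running Test-NwBinary afterwards should report SignatureStatus = Valid
# and the timestamp countersigner, so the signature outlives certificate expiry.
```

The hash comparison matters more than it looks: the VirusTotal report only describes one specific file, so a user whose nw.exe hashes differently has a different question to answer. The signing lines use the documented signtool switches (/fd for the file digest, /tr and /td for RFC 3161 timestamping); the timestamp is what keeps a signed build verifiable after the certificate expires.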

prominentdetail commented 1 year ago

Sometimes you can get flagged less often if you sign all your executables. https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool

My understanding is that you need a signing certificate, which costs at least $400/yr. Seems pretty expensive to me.

BuggyTheBug commented 10 months ago

The same thing is happening to me, even after packing the nw.js exe with a paid version of the Enigma Protector (64 bit). I've reported the false positive to Microsoft as well.

I'm using nw.js 0.74.0. I haven't tried with a certificate yet, but I might go that route if this isn't corrected at some point.