Randima-Lahiru
commented
2 years ago Hi, Are there any alternative method for download Stripe CLI, still Windows detects the Stripe CLI as a virus/trojan
Open tomer-stripe opened 3 years ago
Randima-Lahiru
commented
2 years ago Hi, Are there any alternative method for download Stripe CLI, still Windows detects the Stripe CLI as a virus/trojan
tomer-stripe
commented
2 years ago Hey @Randima-Lahiru! The downloading process itself is not the problem, it's the actual compiled binary. You could try cloning the source and compiling it locally to see if that helps but there might be some weird behaviors there as you'd be running it in "dev mode"
gracegoo-stripe
commented
2 years ago Downloading is now also a problem, it seems like the CLI is also being tagged as malicious by Chrome as well
gracegoo-stripe
commented
2 years ago Actually, I think it's still the windows defender that is blocking the downloading, not chrome
justinasmussen
commented
2 years ago scoop will not allow it to install either.
clintonrocksmith
commented
2 years ago Ah, righto this is all very interesting.
Not sure if this helps but on Thursday the x86-64 version was marked as containing a virus and then on Friday it was the i386 version.
I don't think any of the ZIP files changed in any way. Should we engage with the Microsoft Defender team to help get some logs or information that could help?
What build image is used to generate the Zip and/or the build process? Could there be something in that? Maybe changing operating versions? I noticed there was a commit that was a part of moving away from Bitnami, something there perhaps? When I get some time I'll clone the repo and see if I can reproduce it locally on my Windows 11 machine. Is it Windows 11?
iNetDaniel
commented
12 months ago I'd like to bump this as it pretty much halts the development for one of my projects, at least with this payment processor. Telling my SysAdmin "Trust me, this isn't a virus" doesn't exactly fly when both Chrome and Windows flagged it as such. At least the checksum matches.
ptpavankumar-verdicode
commented
6 months ago Despite this being closed...I see that the exe is not digitally signed so Windows does continue to warn. Stripe being such a big company, why are they not spending little time/effort to fix this problem?
Raven0us
commented
3 months ago The app is still unsigned as of March 2024, but is no longer reported as a virus. Adding a firewall and running it in a sandboxed machine is overkill for this sort of task.
sovetski
commented
1 month ago Same problem here
Helloworldexampledotcom
commented
2 days ago 
Anhaachan
commented
1 day ago Still facing same issue in June 2024
Windows anti-virus scanners will occasionally flag the Stripe CLI as containing a virus or trojan. This is very likely a false positive. We upload the binary to VirusTotal on every new release for analysis but anti-virus software will occasionally get tripped up by compiled Go binaries: https://golang.org/doc/faq#virus
We've been working to resolve this for months but have not been able to find a permanent solution yet.
If you have any concerns please let us know here.