Windows Defender false-positive against `Termination-Checker.vbs`

[putty182]

Bumped into this after booting up my rig today; Trojan:Script/Cloxer.A!cl

Clearly a false positive, logging it as a GH issue in case anyone else sees it and panics.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items: 
containerfile:C:\cloudRIG\Termination-Checker.vbs
file:C:\cloudRIG\Termination-Checker.vbs->(UTF-16LE)
file:C:\Windows\System32\Tasks\CloudRIGTerminationChecker
process:pid:6924,ProcessStart:131813976001945618
regkey:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D0A5740-1631-48F7-BA56-8870BBAFA866}
regkey:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CloudRIGTerminationChecker
taskscheduler:C:\Windows\System32\Tasks\CloudRIGTerminationChecker

Get more information about this item online.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/63417266-windows-defender-false-positive-against-termination-checker-vbs?utm_campaign=plugin&utm_content=tracker%2F51879914&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F51879914&utm_medium=issues&utm_source=github).

[williamparry]

Great pick up - thanks :)

Any ideas how to get around it?

[williamparry]

This looks promising: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus

[AetherCollective]

You could always use my False Positive Reporter tool to request whitelisting from AV Vendors. https://github.com/BetaLeaf/False-Positive-Reporter