Clearly a false positive, logging it as a GH issue in case anyone else sees it and panics.
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items:
containerfile:C:\cloudRIG\Termination-Checker.vbs
file:C:\cloudRIG\Termination-Checker.vbs->(UTF-16LE)
file:C:\Windows\System32\Tasks\CloudRIGTerminationChecker
process:pid:6924,ProcessStart:131813976001945618
regkey:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D0A5740-1631-48F7-BA56-8870BBAFA866}
regkey:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CloudRIGTerminationChecker
taskscheduler:C:\Windows\System32\Tasks\CloudRIGTerminationChecker
Get more information about this item online.
Bumped into this after booting up my rig today; Trojan:Script/Cloxer.A!cl