younesaassila / ttv-lol-pro

TTV LOL PRO removes most livestream ads from Twitch. This is free, don't expect it to be perfect.
GNU General Public License v3.0
1.39k stars, 26 forks

Windows Defender Virus Detected #315

Closed ethan-xd closed 2 months ago

ethan-xd commented 2 months ago

Describe the bug: Suddenly got a Windows Defender quarantine on this extension.

To Reproduce: Try scanning the XPI with Windows Defender or any other antivirus and see if it complains?

Expected behavior: No virus detected.

Additional context: Last updated 28/3/2024.

younesaassila commented 2 months ago

  1. Where did you download the extension from (and what exact version of it)?
  2. Are you sure this is the TTV LOL PRO extension?
  3. What happens if you uninstall/reinstall the extension to randomize the UUID again?

younesaassila commented 2 months ago

Hmm, I see the UUID matches the v2 version. Still, I'd like to know where you downloaded this from.

younesaassila commented 2 months ago

VirusTotal doesn't detect anything (as it should): https://www.virustotal.com/gui/file/5d9a5f4b4b4d46a39e9d6c9df28fc1d342a1af6d6389196c9c1bd0006036a647 (v2.3.6 XPI from Firefox Addons Store)

l1m0n3 commented 2 months ago

Same thing happened to me yesterday. I restored the file which was deleted by Windows Defender and checked the hash of it. It was 5d9a5f4b4b4d46a39e9d6c9df28fc1d342a1af6d6389196c9c1bd0006036a647, which is exactly the same file that you scanned on VirusTotal. I'm using Firefox and installed the extension from the store. I guess it's just a false positive, but I wonder what's causing this...
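
The hash comparison described in the comment above, together with the name and version lookup the maintainer asked about, as an added example that is not part of the thread or the project's code. It assumes an XPI is a ZIP archive with `manifest.json` at its root; the function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import json
import sys
import zipfile

# SHA-256 quoted in the thread for the v2.3.6 XPI from the Firefox add-ons store.
STORE_SHA256 = "5d9a5f4b4b4d46a39e9d6c9df28fc1d342a1af6d6389196c9c1bd0006036a647"


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage_xpi(data: bytes, expected_sha256: str = STORE_SHA256) -> dict:
    """Compare a restored XPI with a known-good hash and read its manifest."""
    digest = sha256_of(data)
    report = {"sha256": digest,
              "matches_expected": digest == expected_sha256.strip().lower(),
              "name": None, "version": None, "error": None}
    try:
        # An XPI is a ZIP archive; manifest.json at its root names the add-on.
        with zipfile.ZipFile(io.BytesIO(data)) as xpi:
            manifest = json.loads(xpi.read("manifest.json"))
        if not isinstance(manifest, dict):
            raise ValueError("manifest.json is not a JSON object")
        report["name"] = manifest.get("name")
        report["version"] = manifest.get("version")
    except (zipfile.BadZipFile, KeyError, ValueError) as exc:
        # A file that cannot be parsed is reported, never treated as verified.
        report["error"] = f"{type(exc).__name__}: {exc}"
    return report


def build_sample_xpi(name: str, version: str) -> bytes:
    """Constructed stand-in archive for the demo (not the real extension)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("manifest.json",
                         json.dumps({"name": name, "version": version}))
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to the file restored from quarantine
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample_xpi("Sample Extension", "0.0.1")
    print(json.dumps(triage_xpi(blob), indent=2))
```

A matching hash shows the flagged file is byte-identical to the store build, which points to a detection problem rather than a tampered download; a mismatch means the file should be re-downloaded from the store before anything else is concluded.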

younesaassila commented 2 months ago

Submitted the file to Microsoft for review under "Incorrect detection".

younesaassila commented 2 months ago

What I don't understand is why Windows Defender apparently flags it yet on VirusTotal Microsoft says no problem. Ughh

younesaassila commented 2 months ago

Should be fixed, can anyone confirm?

Here is Microsoft's response:

At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions.

  1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
  2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
  3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus

Thank you for contacting Microsoft.