MS Defender blocks 'Serious threat' when running log4jscanwin
Closed this issue · 9 comments
Was it triggered from one of the binaries we supplied? Or did you build it yourself?
From your binary. It runs for about 25 seconds "Scanning c:" and then it comes up.
Edit: I also tried running it on a secondary system and same trigger there. Three times in a row (in case it was something else!).
Useless side note that may or may not help:
Running the scanning tool on an old XP computer (works great even on old XP!).
Avast with current signatures (20 Dec) does not detect it as being a threat.
Quick feedback: I had no problem running the program on Win 10 with SentinelOne AV.
I had no problems running this (1.2.17) yesterday on Win10 with Defender for Endpoints.
I suspect the ransomware behavior detection component of Windows 11 noticed the sequential traversal of the file system as something to block. It appears our code-signing certificate isn't enough to overcome the suspicion of Windows Defender's scoring system on Windows 11.
That is rather annoying.