buptczq/WinCryptSSHAgent

Wincrypt is marked as potential malware during installation via chocolatey

yacoob opened this issue · 3 comments

Not a bug per se, just wanted to let you know:

PS C:\windows\system32> choco install wincrypt-sshagent
Chocolatey v0.10.15 Professional
Installing the following packages:
wincrypt-sshagent
By installing you accept licenses for the packages.
Progress: Downloading wincrypt-sshagent 1.1.7... 100%

wincrypt-sshagent v1.1.7 [Approved]
wincrypt-sshagent package files install completed. Performing other installation steps.
Downloading wincrypt-sshagent 64 bit
  from 'https://github.com/buptczq/WinCryptSSHAgent/releases/download/v1.1.7/WinCryptSSHAgent.exe'
Using download CDN cache instead of original url.
Progress: 100% - Completed download of 'WinCryptSSHAgent.exe' (4.05 MB).
Download of 'WinCryptSSHAgent.exe' (4.05 MB) completed.
Virus check: 3/70 scan engines flagged this assembly.
 Due to possible false positives we fail at 4 minimum positives.
 Virus scan engine 'Bkav' found potential 'W32.AIDetect.malware1'.
 Virus scan engine 'Cylance' found potential 'Unsafe'.
 Virus scan engine 'APEX' found potential 'Malicious'.
Hashes match.

VirusTotal also shows APEX marking the exe file as suspicious. Probably a false positive... right? :)

I think it is a false positive; WinCryptSSHAgent is built by a GitHub Action.

On a somewhat related note, I think Avast Antivirus also marks this as malware.

And Google Chrome too!