EnvyUpdate detected as trojan by Windows Defender
thaifoodninja opened this issue · 4 comments
VirusTotal does give some hits back as well: https://www.virustotal.com/gui/file/0203f52776e0b567b1816e44fb325c03f12f0221134e25f70ae7329f6643f80d
I am aware of this. I suppose I have to report it as a false positive to these antivirus vendors.
Generally, I can only tell you that EnvyUpdate is in fact not malicious. The source code is visible here and if one does not trust my compiled exe (which is fair), the code can be compiled directly from this source here.
But thank you for the information, I will get to work reporting the false positives when I get the time.
Alright, checking out the VirusTotal analysis I noticed that my packing of the application with costura seems to trip the detection. Unfortunately, I do not have another practical way to ship a single exe, so I will instead submit notices of false positives.
I have received an answer from Microsoft and they removed EnvyUpdate from their detection list. I will quote the answer I got here for future reference:
At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions.
- Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
- Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
- Run "MpCmdRun.exe -SignatureUpdate"
Alternatively, the latest definition is available for download here: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus
I will close this issue for now, it should be sufficiently dealt with. If you disagree, feel free to reopen it :)