gerardog/gsudo

Issue: Portable gsudo.exe now deliberately flagged as PUP `Generic.Application.Gsudo` by BitDefender

Xeevis opened this issue · 3 comments

Issue Description

It appears BitDefender has now taken a hard line against gsudo, and this time not as a false positive but in a deliberate attempt, as it identifies the threat as `Generic.Application.Gsudo`. It will rigorously block any attempt to download the portable version with Antivirus, Advanced Threat Defense and Online Threat Prevention, as all flag the gsudo.exe, and will block the download or quarantine any archives or installers that bundle it (as is the case with WingetUI).

This doesn't affect the MSI installer in any way and using the installed gsudo.exe by 3rd party processes is fine as well.

Screenshots

  1. Can't download the ZIP file

  2. Can't install when bundled in another installer

  3. Scanner will quarantine any stragglers bundling it

  4. gsudo installed with the MSI installer is left alone, and when WingetUI is set to use the installed gsudo, no suspicious behavior is detected either

  5. VirusTotal

Context:

  • Windows version: Win11 22H2
  • gsudo version: 2.0.4 (affects at least 10 most recent versions)
  • BitDefender Total Security | Build 26.0.32.123

It seems to only affect the .Net46/AnyCpu build.