gerardog/gsudo

Issue: Sophos AV blocks gsudo

bh-chwo opened this issue · 1 comment

Issue Description

I tried upgrading some apps with winget, but my Sophos AV instantly blocked the function and isolated the PC.

Steps to Reproduce

  1. powershell
  2. gsudo winget upgrade
  3. PC is isolated

Screenshots

Screenshot 2024-04-25 115125

gsudo --debug winget upgrade
Debug: Invoking Shell: PowerShellCore
Debug: Command Line: --debug winget upgrade
Debug: Command to run: "C:\Program Files\PowerShell\7\pwsh.exe" -NoLogo -NoProfile -Command "winget upgrade"
Debug: Using Console mode TokenSwitch
Debug: Caller PID: 15432
Debug: Connected via Named Pipe ProtectedPrefix\Administrators\gsudo_DF763A2E0FF2D26118E29D84696CBBF5EB5C619350AB009D1B0B680D6A5ECDE8.
Debug: Creating target process: "C:\Program Files\PowerShell\7\pwsh.exe" -NoLogo -NoProfile -Command "winget upgrade"
Debug: Process token successfully substituted.
Debug: Process exited with code 0

Context:

  • Windows version:

Version 22H2 (Build 22621.3447) - German

  • gsudo version:

gsudo v2.4.4 (Branch.tags-v2.4.4.Sha.cf887bf98d5d3d90fc1eebc08c7a277afb50cd19)
Copyright(c) 2019-2022 Gerardo Grignoli and GitHub contributors

Sophos Antivirus is mistakenly flagging gsudo as a potential threat. Unfortunately, this type of issue falls under the antivirus software's responsibility, as false positives can occur with certain tools or scripts.

Please report this to Sophos so they can investigate and whitelist gsudo if appropriate. In the meantime, you could also try adding an exclusion in Sophos for gsudo, if possible, to prevent it from being blocked.