Windows Defender marks exe file as virus

Question

Windows Defender marks exe file as virus

pszypowicz opened this issue 4 years ago · 5 comments

Also the virustotal output: https://www.virustotal.com/gui/file/ff41951c3f519138bb0e61038d7155c6c38194d4d8a3304f46c67c4572ee8bec/detection

Answer 1 · 2020-09-27T05:45:07.000Z

I submitted this to the Defender team as a false positive and it has been removed:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
 1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender 
 2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
 3. Run "MpCmdRun.exe -SignatureUpdate"
Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Answer 2 · 2020-09-27T09:49:26.000Z

And it worked. Defender no longer removes it.
Thanks!

Answer 3 · 2020-09-27T10:37:20.000Z

Glad it worked - thanks for confirming 😃

Answer 4 · 2021-07-11T09:58:24.000Z

This is back, see https://www.virustotal.com/gui/file/4e3c8793543b96738e041946ee73118669aaaba20d2fd8310ebf5ffbb6d15928/detection - Windows 11 is now removing this file :-/

Answer 5 · 2021-07-11T10:34:44.000Z

Yeah......I kinda get why Windows Defender keeps flagging this file, Go loads all APIs dynamically via LoadLibrary / GetProcAddress, from a debugger perspective it looks suuuuuuper shady