kdeldycke/meta-package-manager

Windows binary detected as malware

Closed this issue · 4 comments

What happened?

Windows Security detects the standalone binary as a threat and quarantines the file.

https://www.virustotal.com/gui/file/894a1c0cc2dabd485f16869f6396f524f9fdf609a66f9915df8e454048130710

Thanks for the tip!

Looking at the report, it seems the binary has been flagged because it matches some experimental or generic rules that trigger on anything that looks like a bundled Python binary (as produced by Nuitka or Py2exe). Like these signals:

  • K8h3d campaign (Sysmon detection)
  • Python Image Load By Non-Python Process

There are also pointers to the fact that mpm is invoking external commands, but that's expected for a meta package manager calling other package managers installed on the system.

Can you point to a specific instance of malware or unexpected behavior in the virus report? If not, I will consider this issue invalid.

That being said, I don't know anything about the Windows ecosystem. Do you? Can you help me figure out if this negative report can be ignored, or is there something we can do to add mpm to any allowlist? Is there a way to demonstrate the good intentions of mpm to virus vendors?
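Editor's note, added to this thread and not part of the original comments or of the mpm project: the allowlist question above has a practical answer on the user side. Before adding a Windows Defender exclusion for a quarantined binary, confirm that the file on disk is the same one whose VirusTotal report you have read (the SHA-256 in the VirusTotal URL above), and scope the exclusion to that single file rather than a directory. The file path used here is an assumption; the hash is the one from the VirusTotal link in this issue.

```powershell
# Added example (not from the mpm project): verify a downloaded mpm.exe against the
# SHA-256 in the VirusTotal link above, then allowlist only that one file in Defender.
# $MpmPath is an assumption; point it at wherever you saved the binary.
$MpmPath = "$env:USERPROFILE\Downloads\mpm.exe"
# SHA-256 taken from the VirusTotal URL posted in this thread.
$ExpectedSha256 = "894a1c0cc2dabd485f16869f6396f524f9fdf609a66f9915df8e454048130710"

# 1. Check whether Defender has already acted on this file (the thread reports a quarantine).
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($MpmPath) } |
    Select-Object ThreatID, InitialDetectionTime, ProcessName, Resources

# 2. Only allowlist a binary whose hash you have independently verified.
if (-not (Test-Path $MpmPath)) {
    throw "File not found (Defender may have quarantined it): $MpmPath"
}
$actual = (Get-FileHash -Path $MpmPath -Algorithm SHA256).Hash.ToLowerInvariant()
if ($actual -ne $ExpectedSha256) {
    throw "Hash mismatch: got $actual, expected $ExpectedSha256. Do not allowlist this file."
}

# 3. Scope the exclusion to this one file, not a folder or a process name.
#    Requires an elevated (Administrator) PowerShell session.
Add-MpPreference -ExclusionPath $MpmPath

# 4. Confirm the exclusion. Remove it later with:
#    Remove-MpPreference -ExclusionPath $MpmPath
(Get-MpPreference).ExclusionPath
```

Two caveats: an exclusion means Defender stops scanning that path entirely, so repeat the hash check for every new release rather than excluding a download folder; and if the file has already been quarantined, restore it from the Windows Security "Protection history" page first, since the hash check above cannot run on a file that is no longer on disk. Reporting the false positive to the vendor, as done later in this thread, is the fix that helps everyone else.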

Right, I suspected it was a false positive due to bundling python.

I have reported it as such to Microsoft via their malware analysis form.

I realize there is not much else you can do about it, just seemed appropriate to report it here.

Thanks @wickles for the feedback, and thank you for submitting mpm to Microsoft for review. I didn't know there was a way to send them binaries.

I'll close this issue for now but will reuse it if something comes back on that topic.

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.