Windows Defender false alert on v0.2.70
Closed this issue · 2 comments
Bug report info
-- coudn't execute it --
Command used with act
-- coudn't execute it --Describe issue
Hello,
on my machine occured following problem: On the latest release ( v0.2.70 ) the windows defender automatically deletes the act.exe based on a recognized trojan ( Win32/Bearfoos.A!ml ).
It seems to be related on the latest changes updated dependencies because when using the v0.2.69 everything works as expected and fine.
Also based on the result of virus total it seems to be a false/positive warning ( see: https://www.virustotal.com/gui/file/f58096e5202c879023f844b68f483b3331a61859e86bdef11c074a84990f900b )
Link to GitHub repository
No response
Workflow content
-- coudn't execute it --Relevant log output
-- coudn't execute it --Additional information
No response
I could guess two things act does might cause the detection. However except the automated dependency updates nothing changed as you said.
Interesting this comes up 16-17 days after the binary has been published via automation.
- The xdg dependency (which has been bumped in 0.2.70), this is used to create a folder before asking the first time survay (the first virus scanner alert coming from winget shortly after a xdg folder has been created without user prompt in an act release)
- the call to home version check of cplee
I'm not using windows right now and my regular merges to master are blocked due to lack of reviewer. Blind trust in dependablebot PR's.
winget has at the time of writing not even 0.2.70 and they might should avoid to merge the update if defender really detects something for whatever reason and nothing meaningful has been changed.
Thanks for the quick response!
Due the fact that winget merged your PR already and all the other scans were negative I think we can say for sure its fine and I'll close this bug.