Hi,
I've tried to update aws-vault to version 5.4.1 on Windows and get a threat alert from Windows Defender:
Detected: Trojan:Win32/Wacatac.C!ml
Affected items:
file: C:\Users\vlad\Downloads\aws-vault-windows-386.exe
webfile: C:\Users\vlad\Downloads\aws-vault-windows-386.exe|https://github-production-release-asset-2e65be.s3.amazonaws.com/40539602/36e9b980-8354-11ea-9d7d-5f0fc602fd8e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200422T095206Z&X-Amz-Expires=300&X-Amz-Signature=7ed353bccc3a9e1d24f1c811e6bd4842579243944f51b5a01951978d88429fcc&X-Amz-SignedHeaders=host&actor_id=0&repo_id=40539602&response-content-disposition=attachment%3B%20filename%3Daws-vault-windows-386.exe&response-content-type=application%2Foctet-stream|pid:4792,ProcessStart:132320228606135531
Ha! False-positive?
Can you compare your binary with the SHASUM256?
How does one alert MS to a false-positive?
SHA256 is 636483700D76A93F5E68E2559BE32137E01F9626BC8D8FE49E772E4461856CC0, which looks correct.
I'm not sure how to alert MS, this is the first time I encounter an alert (I don't use Windows all that often).
Got bitten by the same issue today. Just done some debugging, looks like I have to go back to v5.3.2 in order to not get the windows binary detected as a virus.
Tried to submit here but can't seem to get past this

Response: {"Message":"There was a problem submitting the file for analysis."}
🤷 anyone want to champion this?
I've managed to submit the file to your link.
Submission ID: 6e185b66-8eec-43ed-95ae-03b6e6fb692d (link)
FWIW, I've download version 5.4.2 and it didn't trip the antivirus. I tried again with 5.4.1 et it also worked. There have been Windows Defender updates since I've opened this issue, which might explain de change.
The MS website also says "not malware". You can probably close the issue as it was probably related to the particular Windows Defender definitions.
I've just submitted v5.4.4 to here as an incorrect detection.
It is currently listed as "Cloud: Trojan..." so I guess the cloud checker determined it as malicious?
If someone can download the source and compile it and check / submit maybe?
I can try and do this at some point but am pressed for time.
Will the builds yield the same hash?
That would be the only / best way to confirm that the source is the correct input to the .exe.
CC @gusztavvargadr, per choco discussion.

This is the response from the submission.
Analyst comments:
We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
- Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
- Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
- Run "MpCmdRun.exe -SignatureUpdate"
The first command does not work, the seconds states it updates definitions.
Downloading 5.4.4 again, works.
Most helpful comment
Got bitten by the same issue today. Just done some debugging, looks like I have to go back to v5.3.2 in order to not get the windows binary detected as a virus.