I had tried upgrading DDEV to the latest version and now Windows Defender is detecting it as a trojan:
Trojan:Win32/Ludicrouz.Z
Description
I initially had it installed through Chocolatey. I uninstalled it, restarted, and reinstalled it through Chocolatey and it still came up with the same error. I had also downloaded the .exe file from your repo and still got the same error.
Currently Windows has the ddev.exe file quarantined.
Hi @billdaff - Thanks for the report. I'm unable to recreate it on Windows 10 Pro at this time. I carefully checked for updates first, then installed ddev using the ddev_windows_installer v1.10.2, then used ddev.
If you can remember or can recreate this, could you please report what "which ddev" or "where ddev" say?
You should be able to tell Windows Defender that ddev is not a trojan easily enough and get it out of quarantine.
Looking forward to your response, and thanks for the report.
Oh, please provide the "Security intelligence version" given by Windows Defender when you update as well. Mine is 1.299.1823.0
Update: Although not able to recreate on my own machine, I did get this alert on one of our testbots (testbot-dell-win10pro-2). I imagine we'll have to submit a false-positive report to Microsoft. You can do that also, although I'll have to learn the technique.
I submitted this to Microsoft using https://www.microsoft.com/en-us/wdsi/filesubmission; the submission is at https://www.microsoft.com/en-us/wdsi/submission/61db6317-42dc-4f17-b8e1-45784baa6ddd
So far I've been unable to recreate this with updated "security intelligence version"s. I am suspecting that the Windows Defender descriptions had a short-term mess-up with regard to golang binaries.
Microsoft says they have removed the detection, https://www.microsoft.com/en-us/wdsi/submission/61db6317-42dc-4f17-b8e1-45784baa6ddd
We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
- Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
- Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
- Run "MpCmdRun.exe -SignatureUpdate"
Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions
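The steps quoted above, written as a PowerShell script that also records the security intelligence version before and after the update and rescans the flagged file without remediation to confirm the detection is gone. This is an added example, not part of the original thread or of Microsoft's reply; the `$FlaggedFile` parameter is a placeholder for wherever ddev.exe lives on your machine, and the script assumes an elevated prompt.

```powershell
# Added example: run from an elevated PowerShell prompt.
param(
    # Placeholder: full path to the binary Defender flagged (e.g. your ddev.exe).
    [Parameter(Mandatory)] [string] $FlaggedFile
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpCmdRun)) { throw "MpCmdRun.exe not found at $mpCmdRun" }

# Record the definition version so the before/after values can go in a report.
$before = (Get-MpComputerStatus).AntivirusSignatureVersion
Write-Host "Security intelligence version before update: $before"

# Steps from the Microsoft reply: clear cached dynamic signatures,
# then fetch the latest definitions.
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
if ($LASTEXITCODE -ne 0) { throw "RemoveDefinitions failed (exit code $LASTEXITCODE)" }

& $mpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) { throw "SignatureUpdate failed (exit code $LASTEXITCODE)" }

$after = (Get-MpComputerStatus).AntivirusSignatureVersion
Write-Host "Security intelligence version after update:  $after"
if ($after -eq $before) {
    Write-Warning 'Definition version did not change; the corrected signatures may not be installed yet.'
}

# A quarantined file is no longer at its original path, so there is nothing
# to rescan until it has been restored or reinstalled.
if (-not (Test-Path $FlaggedFile)) {
    Write-Warning "$FlaggedFile not found (still quarantined or not reinstalled); skipping rescan."
    return
}

# Custom scan (ScanType 3) of the single file. -DisableRemediation reports
# detections on the console without quarantining the file again.
& $mpCmdRun -Scan -ScanType 3 -File $FlaggedFile -DisableRemediation
if ($LASTEXITCODE -eq 0) {
    Write-Host "No detection for $FlaggedFile with definitions $after."
} else {
    Write-Warning "Defender still reports a detection (exit code $LASTEXITCODE) with definitions $after."
}
```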
Thanks so much, I was able to temporarily get around it by using Chocolatey to install the version I was previously on (1.9.1). However, it looks like you were able to get Microsoft to address it. I will try upgrading again once my work pushes the latest updates for Windows. Thanks again.
Thanks for the report. I think we'll leave this open a little longer to see if it hits anybody else.
No other reports so closing.