Fluentui: Windows Defender reports trojan in NPM package

Created on 21 Mar 2019  ·  7Comments  ·  Source: microsoft/fluentui

Environment Information

  • __Package version(s)__: 6.158.0 (older had this issue too)
  • __Browser and OS versions__: Windows 10.0.17763

Actual behavior:

After installing the office-ui-fabric-react package (npm install --save office-ui-fabric-react), Windows Defender complains about a trojan in some of the files:
image

This has affected me and several colleagues starting yesterday afternoon (PST).

Expected behavior:

No trojans found 😃

Priorities and help requested:

Are you willing to submit a PR to fix? n/a, willing to help

Requested priority: Blocking development

Blocking External
Source
picture jsurbaitis
👍7

Most helpful comment

If anyone would like to inspect the code for themselves, here are some links for convenience. (Definitely no trojans, just standard boring code.)

https://unpkg.com/[email protected]/lib/components/ExtendedPicker/PeoplePicker/ExtendedPeoplePicker.doc.js
https://unpkg.com/[email protected]/lib-amd/components/ExtendedPicker/PeoplePicker/ExtendedPeoplePicker.doc.js
https://unpkg.com/[email protected]/lib/components/Nav/Nav.doc.js
https://unpkg.com/[email protected]/lib-amd/components/Nav/Nav.doc.js

picture ecraig12345 on 21 Mar 2019
👍5

All 7 comments

I just saw this as well. I'm using 6.150.0

amygl picture amygl on 21 Mar 2019

Thanks for raising awareness on this! We're investigating the issue right now working with the Windows Defender team to see what's happening since we believe this to be a false positive.

khmakoto picture khmakoto on 21 Mar 2019

If anyone would like to inspect the code for themselves, here are some links for convenience. (Definitely no trojans, just standard boring code.)

https://unpkg.com/[email protected]/lib/components/ExtendedPicker/PeoplePicker/ExtendedPeoplePicker.doc.js
https://unpkg.com/[email protected]/lib-amd/components/ExtendedPicker/PeoplePicker/ExtendedPeoplePicker.doc.js
https://unpkg.com/[email protected]/lib/components/Nav/Nav.doc.js
https://unpkg.com/[email protected]/lib-amd/components/Nav/Nav.doc.js

ecraig12345 picture ecraig12345 on 21 Mar 2019
👍5

Engaging with the Windows Defender team.

dzearing picture dzearing on 21 Mar 2019

They have resolved on their side. We are following up on an ETA of how soon customers should see the fix.

dzearing picture dzearing on 21 Mar 2019
👍4

Ok, this should be resolved now. If you continue to experience the error, try clearing the Defender's cache:

  1. Open command prompt as administrator and change directory to c:Program FilesWindows Defender
  2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
  3. Run “MpCmdRun.exe -SignatureUpdate”

Can the OP please confirm this is working for them?

micahgodbolt picture micahgodbolt on 21 Mar 2019
👍4

@micahgodbolt that works! Thank you all for the quick turnaround on this.

jsurbaitis picture jsurbaitis on 21 Mar 2019
🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rickyp-ms picture rickyp-ms  ·  3Comments
nekoya picture nekoya  ·  3Comments
carruthe picture carruthe  ·  3Comments
nekoya picture nekoya  ·  3Comments
prashkan picture prashkan  ·  3Comments