Powershell: dotnet apphost.exe detected as Trojan

Created on 8 Nov 2020  ·  5 Comments  ·  Source: PowerShell/PowerShell

Steps to reproduce

I cloned the repo, and executed:

Import-Module .\build.psm1
Start-PSBootstrap

Expected behavior

Everything works great.

Actual behavior

Popup from Windows Defender, claiming that this file:

C:\Users\<me>\AppData\Local\Microsoft\dotnet\packs\Microsoft.NETCore.App.Host.win-x86\5.0.0\runtimes\win-x86\native\apphost.exe

is a virus: Trojan:Win32/Fuery.C!cl

Issue-Question Resolution-External

All 5 comments

I am surprised to see the report in this repository. It is better to report the false positive to the Windows Defender team.

If you think it is not a false positive, please use our security template as guidance to create a security report.

Submitted to Defender people following instructions here: https://www.microsoft.com/en-us/wdsi/filesubmission/.

Submit suspected malware or incorrectly detected files for analysis. Submitted files will be added to or removed from antimalware definitions based on the analysis results.

/cc @TravisEz13 for information.

This has been addressed. Steps to fix locally:

  1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
  2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
  3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Download the latest security intelligence updates for Microsoft Defender Antivirus, Microsoft Security Essentials (MSE), System Center Endpoint Protection (SCEP) and other antimalware.
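
Added example, not part of the original thread: a PowerShell script that runs steps 2 and 3 above, records the signature version before and after, and rescans the reported apphost.exe in report-only mode to confirm the detection is gone. It assumes the default Defender install path under Program Files and resolves the path from the issue through `$env:LOCALAPPDATA`; the helper function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: refresh Defender signatures, then re-check the flagged file.
$ErrorActionPreference = 'Stop'

# Assumption: default Defender location, as in step 1 of the fix.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
# Path reported in the issue, with the user profile resolved via LOCALAPPDATA.
$target = Join-Path $env:LOCALAPPDATA 'Microsoft\dotnet\packs\Microsoft.NETCore.App.Host.win-x86\5.0.0\runtimes\win-x86\native\apphost.exe'

function Get-SignatureInfo {
    # Version and timestamp of the antivirus definitions currently loaded.
    Get-MpComputerStatus |
        Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated
}

function Invoke-MpCmdRun {
    param([string[]]$Arguments)
    # Send tool output to the console so only the exit code is returned.
    & $mpCmdRun @Arguments | Out-Host
    return $LASTEXITCODE
}

$before = Get-SignatureInfo

# Step 2 (drop dynamic signatures) and step 3 (pull current definitions).
foreach ($step in @(@('-RemoveDefinitions', '-DynamicSignatures'), @('-SignatureUpdate'))) {
    $code = Invoke-MpCmdRun -Arguments $step
    if ($code -ne 0) {
        throw "MpCmdRun $($step -join ' ') failed with exit code $code"
    }
}

$after = Get-SignatureInfo
'Signature version: {0} -> {1}' -f $before.AntivirusSignatureVersion, $after.AntivirusSignatureVersion

if (Test-Path -LiteralPath $target) {
    # -ScanType 3 is a custom scan of one file; -DisableRemediation only
    # reports, so the file is not quarantined again during the check.
    $scan = Invoke-MpCmdRun -Arguments @('-Scan', '-ScanType', '3', '-File', $target, '-DisableRemediation')
    if ($scan -eq 0) {
        "No detection on $target"
    } else {
        Write-Warning "Scan exit code ${scan}: still detected or scan error. Review Get-MpThreatDetection."
    }
} else {
    Write-Warning "$target not found (it may have been quarantined). Re-run Start-PSBootstrap, then scan again."
}
```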